We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

is IIS password authentification secure?RSS

1 reply

Last post Mar 30, 2021 07:23 PM by lextm

  • is IIS password authentification secure?

    Mar 30, 2021 11:22 AM|icram|LINK

    Hi everybody,

    I need to publish a company website for our workers.

    I am somehow extremely over-cautious ( also because of Exchange ProxyLogon issue).

    If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)

    I am worried about someone loging in without any credentials, like with the Hafnium/ProxyLogon Exploit.

    Greetings

    icram

  • Re: is IIS password authentification secure?

    Mar 30, 2021 07:23 PM|lextm|LINK

    icram

    If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)

    HTTPS + Basic authentication can only solve part of the security challenge, but they are far from enough.

    You still need much more measures (especially related to the site itself, like web framework/code) in order to achieve better security.

    Hire a security consultant so that he/she can help you out.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.