Internet Information Services: Wikis

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

Encyclopedia

Updated live from Wikipedia, last check: June 02, 2012 05:53 UTC (43 seconds ago)

From Wikipedia, the free encyclopedia

Internet Information Services
Screenshot of IIS 7's II Manager console
Developer(s)	Microsoft
Stable release	7.5 / 10/22/2009
Operating system	Microsoft Windows
Type	Server
License	Proprietary
Website	www.microsoft.com/iis

Internet Information Services (IIS) - formerly called Internet Information Server - is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the world's second most popular web server in terms of overall websites behind the industry leader Apache HTTP Server. As of March 2010, it served 24.47% of all websites according to Netcraft.^[1] The protocols supported in IIS 7 include: FTP, FTPS, SMTP, NNTP, and HTTP/HTTPS.

1 Versions
2 History
3 Security
4 IIS Features
- 4.1 Security Features
- 4.2 IIS Extensions
5 See also
6 References
7 External links

Versions

IIS 1.0, Windows NT 3.51 available as a free add-on
IIS 2.0, Windows NT 4.0
IIS 3.0, Windows NT 4.0 Service Pack 3
IIS 4.0, Windows NT 4.0 Option Pack
IIS 5.0, Windows 2000
IIS 5.1, Windows XP Professional, Windows XP Media Center Edition
IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
IIS 7.0, Windows Server 2008 and Windows Vista (Home Premium, Business, Enterprise, Ultimate Editions)
IIS 7.5, Windows Server 2008 R2 and Windows 7

IIS is not turned on by default when Windows is installed, but it can be selected from the list of optional features. It is available in all editions of Windows Vista and Windows 7, including Home Basic, but some features are not supported on client versions of Windows.

History

The first Microsoft web server was a research project at European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware.^[2] However since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to microsoft.com, Microsoft was forced to develop its own webserver, IIS.^[3]

IIS was initially released as a set of web-based services for Windows NT 3.51. IIS 2.0 followed, adding support for the Windows NT 4.0 operating system; and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.^[4]

IIS 4.0 dropped support for the Gopher protocol and was released as part of an "Option Pack" for Windows NT 4.0.^{[citation needed]}

The current shipping version of IIS is 7.5 for Windows 7 and Windows Server 2008 R2, 7.0 for Windows Vista and Windows Server 2008, 6.0 for Windows Server 2003 and Windows XP Professional x64 Edition, and IIS 5.1 for Windows XP Professional.

Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site.^[5]

IIS 7.0 on Vista does not limit the number of allowed connections as IIS on XP did, but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued, which hampers performance, but they are not rejected as with XP.

IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS 5.1, IIS 6.0^[6] and IIS 7.^[7]

IIS 7.0 (Windows Vista/2008) has better performance than IIS 5.1 (Windows XP) because it relies on the HTTP.SYS kernel driver.

Security

Earlier versions of IIS were hit with a number of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm; however, both versions 6.0 and 7.0 currently have no reported issues with this specific vulnerability.^[8]^[9] In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers,^[10] many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator.

In the current release, IIS 7, the components are provided as modules so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features are added such as Request Filtering, which rejects suspicious URLs based on a user-defined rule set.

By default IIS 5.1 and ,^[11] a default Windows account with 'superuser' rights. Under 6.0 all request handling processes have been brought under a Network Services account with significantly fewer privileges so that should there be a vulnerability in a feature or in custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.

There are various built-in security features from Microsoft. Many companies offer third-party security tools and features, also known as "Web App Firewalls, or Web Application Firewalls." The advantage of such tools is that they offer much more comprehensive elements (such as easy-to-use GUI, etc.) that aid in protecting an IIS installation with an additional layer of protection at a higher level. Though no security system is ever complete, most admins choose to run an application-layer firewall and an Intrusion Prevention System (IPS).

IIS Features

IIS 7 is built on a modular architecture. Modules, also called extensions, can be added or removed individually so that only modules required for specific functionality have to be installed. IIS 7 includes native modules as part of the full installation. These modules are individual features that the server uses to process requests and include the following:

HTTP modules - Used to perform tasks specific to HTTP in the request-processing pipeline, such as responding to information and inquiries sent in client headers, returning HTTP errors, and redirecting requests.

Security modules - Used to perform tasks related to security in the request-processing pipeline, such as specifying authentication schemes, performing URL authorization, and filtering requests.

Content modules - Used to perform tasks related to content in the request-processing pipeline, such as processing requests for static files, returning a default page when a client does not specify a resource in a request, and listing the contents of a directory.

Compression modules - Used to perform tasks related to compression in the request-processing pipeline, such as compressing responses, applying Gzip compression transfer coding to responses, and performing pre-compression of static content.

Caching modules - Used to perform tasks related to caching in the request-processing pipeline, such as storing processed information in memory on the server and using cached content in subsequent requests for the same resource.

Logging and Diagnostics modules - Used to perform tasks related to logging and diagnostics in the request-processing pipeline, such as passing information and processing status to HTTP.sys for logging, reporting events, and tracking requests currently executing in worker processes.

Security Features

IIS 5.0 and higher support the following authentication mechanisms:

Basic access authentication
Digest access authentication
Integrated Windows Authentication
.NET Passport Authentication (not supported in Windows Server 2008 and above)

IIS 7.5 includes the following additional security features:

Client Certificate Mapping
IP Security
Request Filtering
URL Authorization

Authentication changed slightly between IIS6 and IIS7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.

IIS Extensions

IIS releases new feature modules between major version releases to add new functionality. The following extensions are available for IIS 7:

FTP Publishing Service - Lets Web content creators publish content securely to IIS 7 Web servers with SSL-based authentication and data transfer.

Administration Pack - Adds administration UI support for management features in IIS 7, including ASP.NET authorization, custom errors, FastCGI configuration, and request filtering.

Application Request Routing - Provides a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers, server variables, and load balance algorithms.

Database Manager - Allows easy management of local and remote databases from within IIS Manager.

Media Services - Integrates a media delivery platform with IIS to manage and administer delivery of rich media and other Web content.

URL Rewrite Module - Provides a rule-based rewriting mechanism for changing request URLs before they are processed by the Web server.

WebDAV - Lets Web authors publish content securely to IIS 7 Web servers, and lets Web administrators and hosters manage WebDAV settings using IIS 7 management and configuration tools.

Web Deployment Tool - Synchronizes IIS 6.0 and IIS 7 servers, migrates an IIS 6.0 server to IIS 7, and deploys Web applications to an IIS 7 server.

References

^ "Netcraft Web Server Survey, March 2010". http://news.netcraft.com/archives/2010/03/17/march_2010_web_server_survey.html. Retrieved 2010-03-19.
^ "Windows NT Internet Servers". Microsoft. July 10, 2002. http://support.microsoft.com/kb/120734. Retrieved 2008-05-26.
^ Dave Kramer (December 24, 1999). "A Brief History of Microsoft on the Web". Microsoft. http://www.microsoft.com/misc/features/features_flshbk.htm.
^ "Microsoft ASP.NET 2.0 Next Stop on Microsoft Web Development Roadmap". http://www.directionsonmicrosoft.com/sample/DOMIS/update/2004/08aug/0804a2nsow.htm.
^ "Internet Information Services 5.1". http://www.microsoft.com/windowsxp/evaluation/features/iis.mspx. Retrieved 2007-07-20.
^ "FastCGI Extension for IIS 6.0 and IIS 5.1 - Go Live". http://www.iis.net/downloads/default.aspx?tabid=34&i=1521&g=6. Retrieved 2007-09-27.
^ "FastCGI for IIS7". http://www.iis.net/downloads/default.aspx?tabid=34&i=1299&g=6. Retrieved 2007-09-27.
^ "Vulnerability Report: Microsoft Internet Information Services (IIS) 6". http://secunia.com/advisories/product/1438/?task=statistics. Retrieved 2008-10-14.
^ "Vulnerability Report: Microsoft Internet Information Services (IIS) 7". http://secunia.com/advisories/product/17543/?task=statistics. Retrieved 2008-10-14.
^ "IIS Installs in a Locked-Down Mode (IIS 6.0)". MSDN. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/54257c42-d723-4b12-badf-f4902c195821.mspx?mfr=true. Retrieved 2007-07-20.
^ "HOW TO: Run Applications Not in the Context of the System Account in IIS#Default Installation". http://support.microsoft.com/kb/319067/. Retrieved 2007-07-20.

External links

IIS.NET - The Official Microsoft IIS Site
IIS 7.5 Product Page - Windows Server 2008 R2
Security Guidance for IIS - Microsoft TechNet
Microsoft Web Platform Installer - A free tool to install IIS and other components of the Microsoft Web Platform
Microsoft WebsiteSpark Program - A program that offers IIS and other Microsoft Web Platform products at no upfront cost for 3 years

Microsoft Windows components

Core	Aero · AutoPlay · AutoRun · ClearType · Desktop Window Manager · DirectX · Explorer · Taskbar · Start menu · Shell (Shell extensions · namespace · Special Folders · File associations) · Search (Saved search · IFilter) · Graphics Device Interface · Imaging Format · .NET Framework · Server Message Block · XML Paper Specification · Active Scripting (WSH · VBScript · JScript) · COM (OLE · OLE Automation · DCOM · ActiveX · ActiveX Document · COM Structured storage · Transaction Server) · Previous Versions · Win32 console

Management tools	Backup and Restore Center · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Driver Verifier · Event Viewer · Management Console · Netsh · Problem Reports and Solutions · Sysprep · System Policy Editor · System Configuration · Task Manager · System File Checker · System Restore · WMI · Windows Installer · PowerShell · Windows Update · WAIK · WinSAT · Windows Easy Transfer

Applications	Calculator · Calendar · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Mail · Magnifier · Media Center · Media Player · Meeting Space · Mobile Device Center · Mobility Center · Movie Maker · Narrator · Notepad · Paint · Photo Gallery · Private Character Editor · Remote Assistance · Windows Desktop Gadgets · Snipping Tool · Sound Recorder · Speech Recognition · WordPad

Games	Chess Titans · FreeCell · Hearts · Hold 'Em · InkBall · Mahjong Titans · Minesweeper · Pinball · Purble Place · Solitaire · Spider Solitaire · Tinker

Kernel	Ntoskrnl.exe · hal.dll · System Idle Process · Svchost.exe · Registry · Windows service · Service Control Manager · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection

Services	BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS

File systems	NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · FAT32·FAT16·FAT12 · exFAT · CDFS · UDF · DFS · IFS

Server	Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · PWS · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V

Architecture	NT series architecture · Object Manager · Startup process (Vista/7) · I/O request packet · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows File Protection / Windows Resource Protection · Windows library files · LSASS · CSRSS · SMSS · MinWin

Security	User Account Control · BitLocker · Defender · Data Execution Prevention · Security Essentials · Protected Media Path · Mandatory Integrity Control · User Interface Privilege Isolation · Windows Firewall · Security Center

Compatibility	Unix subsystem (Microsoft POSIX · Interix) · Virtual DOS machine · command.com · Windows on Windows · WoW64 · Windows XP Mode

Microsoft

Board of directors

Steve Ballmer · James Cash, Jr. · Dina Dublon · Bill Gates · Raymond Gilmartin · Reed Hastings · Maria Klawe · David Marquardt · Charles Noski · Helmut Panke · Jon Shirley

Desktop software

Windows (components) · Internet Explorer · Office · Visual Studio · Security Essentials · Expression · Dynamics · Money · Encarta · Student · Math · Works · MapPoint · Virtual PC · Forefront · Home · Flight Simulator · Bob

Server software

Windows Server · SQL Server · IIS · PWS · Exchange · BizTalk · Commerce · ISA Server · System Center · Home Server · SharePoint (WSS, MOSS, Search Server) · OCS · Terminal Services · Microsoft Host Integration Server

Technologies

Active Directory · DirectX · .NET · Windows Media · PlaysForSure · App-V · Hyper-V · Silverlight · Windows Phone · Windows Embedded · Mediaroom · HDi

Web properties

Websites	adCenter · Bing · Channel 9 · CodePlex · HealthVault · Ignition · Microsoft Store · MSDN · MSN (Games · msnbc.com · ninemsn) · TechNet · Windows Live (Groups · Hotmail · ID · Messenger · Spaces)

Live	Games for Windows – Live · Xbox Live (Arcade · Marketplace) · Zune Social