Securing Microsoft Web Applications - A Guide for Systems Administrators

As systems administrators, one of our primary duties is maintaining the integrity and security of our systems and networks. However, even the most hardened of systems can be quickly compromised by exploiting an insecure application that is running on it. Nowhere is this more evident than on the web. The purpose of this paper is to provide systems administrators with a high-level overview of some of the major security considerations surrounding web applications that utilize Microsoft's Internet Information Server, SQL Server and Component Object Model (COM+), as well as links to in-depth technical information that expands upon the high-level topics discussed here. I will also discuss considerations for writing secure code, implementing secure DNS services, and packet filtering/proxy configurations. Finally, I will highlight and explain the need for more interaction between systems administrators and development staff during the initial planning and design phases of the development cycle.