Understanding IIS
IIS, or Internet Information Services, is a collection of services that are designed for servers. It was developed by Microsoft, and is designed to be used by servers that are running the Windows operating system. As of this writing, ISS offers support for NNTP, SMTP, HTTP, and FTP. When IIS was first developed it was intended for use with Windows NT 3.51. However the next version to be released would include support for Windows NT 4.0. The third version of IIS introduced Active Server Pages, a system that uses dynamic scripting. The latest version of IIS was introduced in 2003, and it will be supported by Windows Vista as well.
When IIS was first released, it had a number of security problems. Some of these problems were exploited by worms such as the Code Red worm. Microsoft has worked to eliminate many of these vulnerabilities since the release of this program, and while some of the security issues have been resolved, the system has not been perfected. Microsoft plans on making the program perfectly secure by modularizing many of the elements that make up the system. When the upcoming Windows Vista is released, Microsoft plans to include the 7th version of IIS. It will use a modular based system, and it will also use a centralized web server engine.
One of the most impressive aspects of this release is that it will allow functionality to be extendable via the use of specialized modules. Just a few of the features that will be available with the server are Content Modules, Caching Modules, HTTP Modules, and Security Modules. Perhaps one of the most revolutionary changes in the upcoming release of IIS 7 is the extensive use of XML files. All of the information that will be utilized by web servers will be available in this file format. In previous versions of IIS, the metabase has been used extensively. The new servers uses what is called a global configuration unit. This unit will showcase the defaults and document roots for virtual web documents.
While IIS has had a number of problems in the past, Microsoft promises to fix these issues with the upcoming release. The interface for the adminstration will be rewritten, and it will be compatible with MMC attributes such as asynchronous operation. In addition to this, IIS 7 will be high integrated with ASP.NET. Previous versions of IIS allowed things such as the execution of commands via server side includes. They also supported things such as Microsoft Passport. The upcoming version of this program will not allow these things. One of the reasons why exploits were able to move about freely on older versions of IIS is because many of the attributes were processed via the System account.
However, the introduction of IIS 6 solved this problem. The requests were conducted via the Network Services account instead, and the number of privileges were greatly reduced. While this is unfortunate, it is necessary because it stops an exploit from endangering the entire system. The HTTP request parser is notable for offering both dynamic content and static content.