Overview

Reports on sites such as alldas.org and antionline.org indicate IIS Web Servers are more vulnerable to attack than any other type of Web server. Web page defacements, denial of service, and worms of all sizes, shapes and colors have proven to be annoying, messy and costly to clean up. What's worse, attacks like these are becoming more frequent and sinister every day.

Securing Web servers is in and of itself a difficult challenge, but securing IIS Web Servers is even more challenging. An out-of-the-box deployment of an IIS Web Server would be better described as an "out-of-Pandora's-Box" catastrophe because IIS is by default installed on the system drive! Unless you, your Web developers and your Webmasters know specifically what threats exist and how to counter them, your IIS Web Servers will be easy prey for attackers.

Megamind is proud to offer this important and timely course, providing you with the comprehensive knowledge of Web server security you need to safely deploy Microsoft's HTTP/FTP server for Windows 2000 - - the Internet Information Services Web Server.

Highly technical in nature, the course starts with a review of the basics of IIS Web deployment and functionality what is present in each IIS version, directory structures, virtual servers, virtual directories, and so on. Next you will study areas of security-related vulnerability and the various security options available to you, including authentication, authorization, policies, users and groups and advanced capabilities such as SSL/TLS encryption. This is followed by an indepth look at integrating IIS with Windows 2000 security options and other security configuring options, network deployment options, security maintenance, and IIS Web application security. The course then wraps up with a discussion of advanced security issues such as certificate issuance and handling.

Pre-requisites

Because of the technical nature of the course, a basic knowledge of and practical experience with Windows systems and Windows security is required. Knowledge of Web server design and implementation will be helpful, but is not a prerequisite. Attendees are encouraged to bring a laptop with IIS installed, however it is not required.

About the Instructor
Dr. Eugene E. Schultz, Ph.D., CISSP

Dr. Schultz is a Certified Information Systems Security Professional, a Principal Engineer with the Lawrence Livermore National Laboratory in Northern California, and a Professor of Computer Science at the University of California at Berkeley. As an expert in information security, Dr. Schultz has authored three books and more than 90 papers on the topic, and serves as the Editor-in-Chief of Information Security Bulletin, a highly respected professional journal. He has received the Information Systems Security Association Professional Contribution Award and the NASA Technical Excellence Award.

Two years ago, Dr. Schultz was appointed the chair of the Presidential Commission on Critical Infrastructure Protection -- Intrusion Detection. While at Lawrence Livermore National Laboratory, Dr. Schultz founded the Computer Incident Advisory Capability (CIAC) for the U.S. Department of Energy, and has been called upon to provide expert testimony on issues related to information security before various U.S. Senate and House of Representatives subcommittees. Advisor to corporate chiefs around the world on computer security policy and practice, Dr. Schultz is considered to be one of the foremost experts of computer security.

Dr. Schultz currently teaches the following computer security courses for Megamind:
* Incident Response and Reporting
* Securing IIS Web Servers: Avoiding an IIS Catastrophe!
* Securing your Enterprise in the 21st Century
* UNIX Security (Intro, Intermediate, and Advanced levels)
* Windows NT Security (Intro, Intermediate, and Advanced levels)
* Windows 2000 Security