Thursday's Security related nugget..

Although not specifically about security, today's pointer is to a great Internet Information Server (IIS) 7.0 presentation.  IIS has had some bad press over the years, but has been a rock solid web server since we shipped Windows Server 2003 - there has only been one critical security update for it since it shipped (and even that was in a feature that is not installed by default).

IIS 7.0 is the new web server in Windows Server 2008 (it also exists, in a cut down form, in Windows Vista).  This one hour and seven minute session introduces IIS7 and highlights why it is even more secure (and easy to manage):

Microsoft’s Next Generation Web Server:What’s New in IIS 7 for IT Pros

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

This overview session will highlight the key points of interests for IT Pros in Internet Information Services version 7.  IIS7 modularity increases security by allowing a reduced installation footprint and creation of specialized, streamlined servers. Application Pools are now “sandboxed” by default.  You’ll see how IIS7 eases administration with a new IIS Manage UI, delegated administration, and new tools for automating administrative tasks. Applications run more reliably as they are easier to troubleshoot with built in tracing and diagnostics. Finally, multiple servers can use a single configuration file with the shared configuration feature for web farms.

Enjoy,

Dave.