resources and events that can help you keep your security knowledge
and skills up to date and keep your Windows and other systems secure.
=== SECURITY Q&A ===============================================
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com
Q: My company is interested in providing secure Internet access to
internal file servers, and the approach described in your article
"WebDAV for Remote Access," May 2006, InstantDoc ID 49847, sounds like
a good one. I tested your solution in my test environment and verified
that Internet access to the file server share is available and that
logon is required.
However, when I disallow WWW Distributed Authoring and Versioning
(WebDAV) through the Web Service Extensions node in IIS Manager and
reboot the Microsoft IIS server (to make sure the changes take effect),
Internet access to the internal file share is still available. So what
exactly is WebDAV supposed to be doing in this process? Do I really
need WebDAV to enable Internet access to an internal file server?
A: If you disable WebDAV, you can still access the Web server by using
the directory browsing access afforded by IIS alone. However, there are
two important limitations if you don't use WebDAV. First, you can't
upload new files or delete or rename files. Second, you have to
download documents via Microsoft Internet Explorer (IE) before opening
them in Microsoft Office.
However, if you enable WebDAV, users will be able to upload, delete,
and rename files like they would with a file server. Also, Microsoft
Office 2003 and some other applications will open and save documents
directly to the Web site by using the normal file open/save dialog box,
giving users virtually the same experience as they have when using a
local file server.
Other than those two functional limitations, there's no security
difference between using and not using WebDAV.
(This Security Q&A originally appeared in Security Pro VIP's
Access Denied column.)
=== SECURITY RESOURCES =========================================
The following security-related resources are brought to you by Windows
IT Pro. For additional resources and information, visit
http://list.windowsitpro.com/t?ctl=682B2:4160B336D0B60CB1597CEB5EF4DD4A7C
Is your company addressing the risks of email without diluting the
benefits of email? Download this guide today and find out what you can
do to realize the dramatic and quantifiable ROI that will move your
company quickly from analyzing options and seeking budget approval to
solving the problem with a solution that will pay for itself many times
over.
http://list.windowsitpro.com/t?ctl=682AC:4160B336D0B60CB1597CEB5EF4DD4A7C
Join Paul Thurrott for a deep dive into administering Windows Vista's
new security features with an emphasis on the new Group Policy settings
that are exposed by this release, including USB device blocking and the
new Microsoft Desktop Optimization Pack. On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=682AA:4160B336D0B60CB1597CEB5EF4DD4A7C
Combat phishing and pharming with complete protection against complex
Internet threats by filtering at multiple points on the gateway,
network, and endpoints.
http://list.windowsitpro.com/t?ctl=682AB:4160B336D0B60CB1597CEB5EF4DD4A7C
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=682AF:4160B336D0B60CB1597CEB5EF4DD4A7C
http://list.windowsitpro.com/t?ctl=682B1:4160B336D0B60CB1597CEB5EF4DD4A7C
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=682AE:4160B336D0B60CB1597CEB5EF4DD4A7C
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB1597CEB5EF4DD4A7C
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=682B0:4160B336D0B60CB1597CEB5EF4DD4A7C
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=682AD:4160B336D0B60CB1597CEB5EF4DD4A7C
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment