Make your own free website on Tripod.com
Microsoft Home Microsoft Home
Microsoft FrontPage 2000 Server Extensions Resource Kit

Remote Administration


Remote Administration Security

Administering remotely generally makes your Web server more vulnerable because a wider community of users is given potential access to the Web server machine from the Internet. With FrontPage, this increases the risk that an unauthorized person could gain access to the FrontPage-extended webs on your server and modify web settings, or even delete webs. To prevent this, the following precautions are recommended:

  • Require a secured connection (such as SSL) to communicate with the Fpadmdll.dll or Fpadmcgi.exe. Since configuration information and  in some cases  user names and passwords are communicated over the network using these methods, a secured connection will prevent passwords from being read directly by network traffic spies.
  • Grant access to Fpadmdll.dll or Fpadmcgi.exe using the Web server's security system. Requiring a user to log on with a secure administrator account on the Web server prevents unauthorized access.
  • Require the use of a non-standard HTTP port for accessing Fpadmdll.dll or Fpadmcgi.exe. This will make it much more difficult for network spies to guess the URL of the HTML Administration Forms or the remote administration programs.
  • Use IP address mask restrictions to prevent unauthorized computers from accessing the HTML Administration Forms, Fpadmdll.dll, or Fpadmcgi.exe. Typically, all IP addresses not associated with the owner of the FrontPage-extended server to be administered are denied access.

 

See also

Activating Remote Administration on IIS 4.0 and 5.0

Administration

  BACK  TOP
 
  Last Updated June 1999
1999 Microsoft Corporation. All rights reserved. Terms of Use. Disclaimer