locked
is IIS password authentification secure? RRS feed

  • Question

  • User-1381983164 posted

    Hi everybody,

    I need to publish a company website for our workers.

    I am somehow extremely over-cautious ( also because of Exchange ProxyLogon issue).

    If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)

    I am worried about someone loging in without any credentials, like with the Hafnium/ProxyLogon Exploit.

    Greetings

    icram

    Tuesday, March 30, 2021 11:22 AM

All replies

  • User690216013 posted

    If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)

    HTTPS + Basic authentication can only solve part of the security challenge, but they are far from enough.

    You still need much more measures (especially related to the site itself, like web framework/code) in order to achieve better security.

    Hire a security consultant so that he/she can help you out.

    Tuesday, March 30, 2021 7:23 PM