CYA Securing IIS 6.0: Cover Your A** by Getting It Right the First Time

Most people in the business world are likely familiar with the term "CYA", which is exactly what this book is designed to do. The authors intend that reading this book will give IIS administrators the information they need to keep their networks secure, and hence keep their jobs. This is the first CYA book I've read, and I was quite impressed by the nice balance between providing enough useful information without overkill. The book is designed to get right to the point by showing (not telling) exactly what is required in securing an IIS 6 installation. Each chapter is focused on a specific section of IIS security. Chapters cover topics as varied as Basic IIS security, Advanced IIS security, monitoring, and general Server 2003 hardening. Each chapter contains the some information on the Microsoft recommended procedure for the particular practice (what the authors call "By the Book"). Additionally, you will find many sections throughout the book labeled "Realty Check", which is designed to highlight how to either do something different from what Microsoft recommends or what some of the problems associated with the recommended procedure might be. Finally, "Notes from the Underground" popup frequently, which help illustrate how hackers might utilize poor security around the illustrated practice in order to gain something. I found the chapters to be well laid-out, easy to follow, and right to the point. This book helped provide some real insight to various security practices around IIS, and was quite interesting to read as well. This book is a must-have if you are responsible for monitoring or maintaining IIS 6 in your infrastructure. I am definitely looking forward to reading the next in the series of CYA books!

Thank you guys for an excellent book! I have been developing applications for IIS for many years and think you have done a great job in explaining how it all works. I also very much like the "reality check" concept. Keep up the good work!