Important: |
---|
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
The Web Server is designed to run over a network and function as an extensible network server. This topic covers the security risks and best practices for configuring the web server.
The Web Server has the following potential security risks:
- The Web Server is designed to run over a network. If the device
is run over a public network, such as the Internet, and the
security of the device is compromised, it could expose the device
or the local network to the public network.
- The Web Server is designed to function as a network server. If
the security of the Web Server is compromised, it could expose the
device or local network to multiple remote clients.
- The Web Server is extensible. If the extensions do not use
proper security and authentication procedures, they could
compromise the security of the device or the local network.
Best Practices
Limit deployment to ten connections simultaneously
A typical deployment uses a Web Server in a private network to provide a remote user interface to configure a headless device. The registry defines the number of connections and when the MaxConnectionsregistry value is not set, the registry limits the number to 10.
Do not use the Web Server to perform critical operations
A typical deployment uses the Web Server to display status information or to host a family or community Web site. You should not use the Web Server to perform critical operations, such as machine control or financial processing.
Use authentication
Use the NTLM or Basic authentication mechanism to limit access to known users only. You can set the option in the HKEY_LOCAL_MACHINE\COMM\HTTPDregistry key. For specific security information, see Base Registry Settings. For more information about authentication, see Web Server Authentication and Permissions.
Use Secure Sockets Layer (SSL)
The SSL protocol helps to protect data from packet sniffing by anyone with physical access to the network. For more information, see SSL Support.
Use user access lists
Carefully choose your virtual roots and limit access to the appropriate files by providing appropriate user access lists. Anonymous users with access to the virtual root may be able to access files and directories within that virtual root. You can set the options in HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTSregistry key. For specific security information, see Setting Virtual Paths. See also Web Server Authentication and Permissions.
Default Web Server Registry Settings
You should be aware of the registry settings that impact security. In the registry settings documentation you will find a Security Notefor those values with security implications.
For Web Server registry information, see:
Web Server Ports
The following table shows the ports that the Web Server uses, for details see Web Server Registry Settings.
Port number | Registry values |
---|---|
80 |
Portvalue in HKEY_LOCAL_MACHINE\COMM\HTTPD |
443 |
Portvalue in HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL |
See Also
Concepts
Web Server Registry SettingsWebDAV Security
Web Server Registry Settings