The FrontPage Server Extensions facilitate the rapid and easy development and administration of a potentially complex Web site. In the increasingly popular arena of electronic business and the Internet, this process is increasingly important. When connecting to the Internet, in any capacity, organizations and individuals assume significant security risks. When the focus of this connection is to conduct business, the risk is even greater. The FrontPage Server Extensions 2000 Security White Paper is provided to assist you in enhancing the security controls surrounding the FrontPage Server Extensions on your Web servers and to help mitigate many of the common security issues that are introduced by engaging in remote administration of a Web site.
The FrontPage Server Extensions 2000 Security White Paper contains security information compiled from an external Microsoft security review done by Price WaterHouse Coopers. This document presents the results of tests designed to evaluate the security controls for FrontPage Server Extensions. The approach used to evaluate FrontPage Server Extensions is discussed, and definitions of multiple test cases covering installation, configuration, penetration, and data capturing are provided. The configuration of the testing laboratory and its equipment used to evaluate this product is described, and a security checklist and baseline security configuration are presented.
This document attempts to accomplish the following tasks:
- Provide an evaluation of the Microsoft FrontPage Server Extensions
- Provide information regarding the nature of risks and threats
- Uncover specific potential vulnerabilities within the product
- Recommend countermeasures for mitigating the risk of any exposure
You should use this white paper in conjunction with other information, such as the Server Extensions Resource Kit (SERK) and your own critical assessment, to determine its effectiveness and appropriateness for your business environment. This white paper is one of several sources you can reference when attempting to configure and assess a Web server that is running FrontPage Server Extensions.
Use the following link to download the FrontPage Server Extensions 2000 Security White Paper.