The Windows Internet Information Services (IIS) Server is an extensible web server that was created by Microsoft to be used on Windows operating systems. The earliest version of the IIS server was released in 1995, but the software has seen many iterations. Historically, new versions of the IIS server application have been released alongside a new version of the Microsoft operating system.
Apache, NGINX and IIS Server are the most commonly used web servers on the World Wide Web. Each one has its own advantages and disadvantages that set it apart from the competition.
Apache web server is an open-source, cross-platform web server application that was also released in 1995, the same year as the Microsoft IIS Server. Apache is highly versatile, running equally well on Windows, macOS, UNIX and Linux machines. Support for Apache users is readily available thanks to a large user base and a strong community of experienced users.
NGINX web server is an HTTP and reverse proxy server that can also function as an email server. It was initially written to solve the C10K problem, which called for the development of a web server whose sockets were optimized to handle a large number of client requests concurrently. NGINX uses an event-driven architecture to handle thousands of requests simultaneously while using predictable amounts of memory, even when operating at near capacity. Due to its high performance and stability, NGINX is trusted by some of the world's busiest websites.
IIS web server is different from Apache and NGINX in one very important way. While the other two applications are open source, users of the IIS web server can access customer support directly from Microsoft Corporation. Although the IIS server lacks some of the customization options that are useful for Apache and NGINX, it does offer access to the .NET framework, support for a range of security features and authentication mechanisms, and new feature modules, called extensions, that are released regularly.
When a web server receives a client request, that request must arrive at a communication endpoint known as a port. A port is identified by a 16-bit unsigned number and is always associated with the host IP address and the protocol type of the communication. When a request is sent using the HTTP protocol, the default port number is 80. For requests sent using the HTTPS protocol, the default port is 443. Configured email servers may use different default ports depending on the type of security certificate they use.
Web servers are limited in the amount of web traffic and the number of requests they can process simultaneously. These limits depend on the configuration and settings of the server, the type of HTTP request, whether the content of the requested pages is static or dynamic, whether the content is cached, and the computing power of the host machine.
Cyber attackers can pursue several different methods of overloading a target web server, such as:
Distributed Denial of Service (DDoS) Attack
A DDoS attack is a type of malicious cyberattack whose goal is to overload a server with a large number of requests, leading to unplanned failure and downtime. A hacker might distribute a virus that infects thousands of host machines, then use those host machines to flood a targeted web server with large numbers of requests.
XSS Worms
XSS worms exploit security vulnerabilities in browsers to spread themselves to visitors of a specific website. If your website is infected by an XSS worm, users or customers that visit your page might be infected as well. XSS worms are commonly used to attack social sharing websites where users create profiles that contain their personal information.
Organizations that deploy IIS servers and other web server applications must be aware of the attack surface presented by these servers and take appropriate measures to secure their contents against cyber attacks. Additional measures are required for organizations that host sensitive data on IIS servers, especially those with industry-specific data security and privacy requirements.
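One defensive measure against the request floods described above is to watch the IIS access logs for clients whose request rate spikes. The following is an added example, not code from the original page or from Microsoft: it parses the IIS W3C extended log format and reports clients that reach a request threshold inside a sliding time window. The function names, the window and threshold values, and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Default IIS W3C extended field list, as written in the #Fields directive.
HEADER = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus "
          "sc-win32-status time-taken")

def row(second, client):
    # Constructed sample row; IIS writes spaces inside a field as '+'.
    return (f"2024-01-01 00:00:{second:02d} 192.0.2.10 GET /index.html - 80 - "
            f"{client} Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 15")

# Constructed sample log: one busy client, one quiet client, one truncated row.
SAMPLE_LOG = ([HEADER]
              + [row(s, "203.0.113.7") for s in range(1, 9)]
              + [row(5, "198.51.100.4"), row(40, "198.51.100.4")]
              + ["2024-01-01 00:00:41 192.0.2.10 GET"])

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field list can change mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields): # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_floods(records, window_seconds=10, threshold=5):
    """Return {client_ip: peak count} for clients reaching threshold in the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)            # per-client timestamps inside the window
    peaks = {}
    for rec in records:
        ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        q = recent[rec["c-ip"]]
        q.append(ts)
        while ts - q[0] >= window:         # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["c-ip"]] = max(peaks.get(rec["c-ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    print(find_floods(parse_w3c(SAMPLE_LOG)))
```

If the server sits behind a load balancer or reverse proxy, `c-ip` holds the proxy's address, so the original client address has to be logged in a custom field before this grouping is meaningful.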
With Sumo Logic, IT organizations can easily monitor and analyze event logs from IIS servers, web-based applications and across public and hybrid cloud environments. Features like easy troubleshooting, advanced threat intelligence and user insights can help you minimize downtime and maintain the security posture of your IIS server.