Institute: Uie Department: Cse: Bachelor of Engineering (Computer Science & Engineering)
DEPARTMENT : CSE
Bachelor of Engineering (Computer Science & Engineering)
WEB AND MOBILE SECURITY (Professional Elective-I)
(20CST/IT-333)
TOPIC OF PRESENTATION:
IIS and LAMP servers.
What is IIS?
• "IIS" stands for Internet Information Services, a general-purpose web server that runs
on the Windows operating system. IIS accepts and responds to requests from client
computers and enables them to share and deliver information across a LAN (Local Area
Network), such as a corporate intranet, and a WAN (Wide Area Network), such as the
internet.
• It hosts the applications, websites, and other standard services needed by users, and
allows developers to create websites, applications and virtual directories to share with
their users.
• Web servers are commonly used as a portal for sophisticated and highly interactive
websites and for applications that tie middleware and back-end applications together to
make enterprise-grade systems. For example, AWS enables media services such as Netflix
to provide real-time streaming content. Amazon Web Services also enables public cloud
administration, all through web servers.
How IIS works
IIS works through several standard languages and protocols. HTML is used for creating
a variety of elements, for example text, buttons, hyperlinks, and direct/indirect
behaviors.
HTTP (Hypertext Transfer Protocol) is used for exchanging information between two or
more servers and users.
HTTPS (Hypertext Transfer Protocol Secure) runs HTTP over SSL (Secure Sockets Layer),
which encrypts the communication for additional data security. FTP (File Transfer
Protocol), or its secure variant FTPS, can transfer files.
Some of the ways to harden IIS against security breaches are listed below:
• Error pages should be configured so that they display only relevant information about
the issue encountered. Error pages should not display unnecessary information such as
server IP addresses, user IDs and passwords, or any other information that can help
attackers exploit the web server.
• "URL authorization" should be used to apply rules to specific requests, e.g. requests
for a particular kind of URL. URL authorization allows a company to authorize only
certain users to view the requested pages.
• Any IIS feature that is not needed should be disabled to reduce the potential attack
surface.
• Control which domains and IP addresses can reach the web server.
• Always use a firewall to ensure that only valid data packets can reach the server.
• Whenever Windows releases an update, the Windows operating system should be updated
with the latest security patches.
• Logging must be enabled to keep a record of the visitors that access the web server.
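The checklist above can be turned into an automated review of a site's web.config. The following is an added example, not part of the original slides: a small auditor that flags detailed error pages, an enabled but unneeded feature (directory browsing), disabled logging, unrestricted IP access and an allow-everyone URL authorization rule. Both sample configurations, the 10.0.0.0 range and the Administrators role are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config files (not taken from a real site).
WEAK = """<configuration>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
    <directoryBrowse enabled="true" />
    <httpLogging dontLog="true" />
    <security>
      <authorization><add accessType="Allow" users="*" /></authorization>
      <ipSecurity allowUnlisted="true" />
    </security>
  </system.webServer>
</configuration>"""
HARDENED = """<configuration>
  <system.webServer>
    <httpErrors errorMode="DetailedLocalOnly" />
    <directoryBrowse enabled="false" />
    <httpLogging dontLog="false" />
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" roles="Administrators" />
      </authorization>
      <ipSecurity allowUnlisted="false">
        <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>"""

CHECKS = [  # (element path, attribute, weak value, finding)
    ("system.webServer/httpErrors", "errorMode", "detailed", "detailed errors sent to remote clients"),
    ("system.webServer/directoryBrowse", "enabled", "true", "directory browsing enabled"),
    ("system.webServer/httpLogging", "dontLog", "true", "request logging disabled"),
    ("system.webServer/security/ipSecurity", "allowUnlisted", "true", "unlisted IP addresses allowed"),
]

def audit_web_config(xml_text):
    """Return findings for settings explicitly weak in this file (inherited values are not seen)."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, attr, weak, message in CHECKS:
        node = root.find(path)
        if node is not None and node.get(attr, "").lower() == weak:
            findings.append(message)
    for rule in root.iterfind("system.webServer/security/authorization/add"):
        if rule.get("accessType", "").lower() == "allow" and rule.get("users") == "*":
            findings.append("URL authorization allows every user")
    return findings
```

Calling audit_web_config(WEAK) returns five findings and audit_web_config(HARDENED) returns none; settings inherited from the server-level configuration have to be reviewed separately.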
LAMP Server
LAMP is an open-source Web development platform that uses Linux as the operating system, Apache as the
Web server, MySQL as the relational database management system and PHP/Perl/Python as the
object-oriented scripting language.
Sometimes LAMP is referred to as a LAMP stack because the platform has four layers. Stacks can be built on
different operating systems.
LAMP Architecture
LAMP has a classic layered architecture, with Linux at the lowest level. The next layer is Apache and MySQL, followed
by PHP.
Although PHP is at the top or presentation layer, the PHP component sits inside Apache.
The LAMP stack order of execution shows how the elements interoperate. The process starts when the Apache
webserver receives requests for web pages from a user's browser. If the request is for a PHP file, Apache passes the
request to PHP, which loads the file and executes the code contained in the file. PHP also communicates with MySQL
to fetch any data referenced in the code.
What is Apache?
• Apache, or to use its full royal title The Apache HTTP web server, is an open
source Web server application managed by the Apache Software Foundation.
• The server software is freely distributed, and the open source license means users
can edit the underlying code to tweak performance and contribute to the future
development of the program – a major source of its beloved status among its
proponents.
• Support, fixes and development are handled by the loyal user community and
coordinated by the Apache Software Foundation.
Web servers discussed in this chapter.
Differences between IIS and Apache
• IIS is available only for the Windows operating system, whereas Apache can be used
on a variety of operating systems such as Mac, Linux, and Windows.
• IIS has its own help desk to fix issues, whereas almost all of Apache's support is
provided by the user community.
• IIS can also integrate with several other Microsoft offerings and languages, such
as the ASPX scripting language.
• The security features of IIS are more reliable than those of the Apache web server,
which makes it a better option than Apache.
Accessing Web Servers
Web Resources
• www.microsoft.com/msdownload/ntoptionpack/askwiz.asp
• www.w3.org/Protocols
• www.apache.org
• httpd.apache.org
• httpd.apache.org/docs-2.0
• www.apacheweek.com
• linuxtoday.com/stories/18780.html
• www.iisanswers.com
• www.iisadministrator.com
THANK YOU