secure pages, how?

[mrdance]

I am new to web and ISS. I want to have secure admin section on a site. I heard that usernames and passwords are easy to sniff unless if you have a secure connection. I've found that there are companies who's guarantee a secure connection if you send them money. I don't want to pay for a private site. It's not important to have

https://mysite.com.

Rather I could use

http://mysite.com:443.

It's just for my personal adminpages. What do I have to do to crypt my pages? I have added headers for port 443, but how do I make the connection secure?

Excuse me for my silly questions, but any information would be great!


Thanks / Henrik

 

[ARoethenmund]

Hi Hendrik

You have to do two steps:

1. Give to the administration directories only NT-Right to the administration-users

2. In IIS: Select Properties on the top of the administration-directories, choose the tap 'Directory Security' and then make sure that only the Checkbox 'Windows NT Challenge/Response is marked'

Then the password will also be encrypted. But you'll need Internet Explorer.

Good luck

Andreas

 

[mrdance]

thanks, but will it work remotely? and is the password encryption good? and what about the traffic, passwords in forms and so on?

 

[ARoethenmund]

Yes, it will work remotely. The encryption is good enough. But you can't use it in forms. If you need it in forms, you'll have to use SSL.

But still here, you don't have to buy a certificate from Verisign or so. With IIS 4.0 comes a Certificate Server. There you can create your own certificates.

I hope this helpes.

Andreas