IIS Server

What is an IIS Server?

A web server is a hardware or software server that can satisfy World Wide Web client requests over the Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS) or any of several other related protocols. Most of us interact with web servers on a daily basis, regardless of what device or operating system we use to browse the internet. When you type a URL into the address bar of your preferred browser, what you're really doing is sending a request to the web server that hosts the website that you are trying to visit. The server response fulfills your request by serving you with the contents of the web page you requested to view.

The Windows Internet Information Services (IIS) Server is an extensible web server that was created by Microsoft to be used on Windows operating systems. The earliest version of the IIS server was released nearly 25 years ago on the 30th of May, 1995, but the software has seen many iterations, with the latest stable release made available on the 2nd of October, 2018. Historically, new versions of the IIS server application have been released alongside a new version of the Microsoft operating system.

Apache vs NGINX vs IIS Server - What's the Difference?

Apache, NGINX and IIS Server are the most commonly used web servers on the World Wide Web. There has been intense competition between these three products for market share in the web server space, with webmasters readily changing their loyalties to take advantage of new features and updates.

In February 2016, a survey conducted by Netcraft found that Apache servers were the most common type deployed on the web with 33.56% of the total. IIS Server took second place with 28.95% of all deployments and NGINX placed third with 15.60% of all deployments. In September 2019, new data showed that NGINX had become the most popular web server with 31.56% of deployments, Apache had fallen to second place with 29.43% of all deployments and Microsoft IIS Server was now the third-most-popular with 14.71%.

Despite the rapid shifts in popularity between these three tools, each one has its own advantages and disadvantages that set it apart from the competition.

Apache web server is an open-source, cross-platform web server application that was also released in 1995, the same year as the Microsoft IIS Server. Apache was the most popular web server tool for the majority of its 25-year history, up until 2015 when NGINX and IIS Server started to capture more market share. Apache is highly versatile, running equally well on Windows, macOS, UNIX and Linux machines. Support for Apache users is readily available thanks to a large user base and strong community of experienced users.

NGINX web server is an HTTP and reverse proxy server that can also function as an email server. It was initially written to solve the C10K problem, which called for the development of a web server whose sockets were optimized to handle a large number of client requests concurrently. NGINX uses an event-driven architecture to handle thousands of requests simultaneously while using predictable amounts of memory, even when operating at near capacity. Due to its high performance and stability, NGINX is trusted by some of the world's busiest websites including Capital One, Starbucks and Bank of America.

IIS web server is different from Apache and NGINX in one very important way. While the other two applications are open source, users of the IIS web server can access customer support directly from the Microsoft Corporation. Although the IIS server lacks some of the customization options that are useful for Apache and NGINX, the IIS server does offer access to the .NET framework, support for a range of security features and authentication mechanisms and regularly released new feature modules called extensions.

IIS Server Load Limits and Security

When a web server receives a client request, that request must arrive at a communication endpoint known as a port. A port is identified by a 16-bit unsigned number and is always associated with the host IP address and the protocol type of the communication. When a request is sent using the HTTP protocol, the default port number is 80. For requests sent using the HTTPS protocol, the default port is 443. Configured email servers may use different default ports depending on the type of security certificate they use.

Web servers are limited in the amount of web traffic and requests they can process simultaneously. These limits depend on the configuration and settings of the server, the type of HTTP request, whether the content of the requested pages is static or dynamic, whether the content is cached, and the computing power of the host machine.

Cyber attackers can pursue several different methods of overloading a target web server, including:

Distributed Denial of Service (DDoS) Attack

A DDoS attack is a type of malicious cyberattack whose goal is to overload a server with a large number of requests, leading to unplanned failure and downtime. A hacker might distribute a virus that infects thousands of host machines, then use those host machines to flood a targeted web server with large numbers of requests.

XSS Worms

XSS worms exploit security vulnerabilities in browsers to spread themselves to visitors of a specific website. If your website is infected by an XSS worm, users or customers that visit your page might be infected as well. XSS worms are commonly used to attack social sharing websites where users create profiles that contain their personal information.

Monitor and Analyze IIS Server Logs with Sumo Logic

Organizations that deploy IIS servers and other web server applications must be aware of the attack surface presented by these servers and take appropriate measures to secure their contents against cyber attacks. Microsoft does a good job of providing security updates and patches for the IIS server when new vulnerabilities are discovered, but additional measures are required for organizations that host sensitive data on IIS servers, especially those with industry-specific data security and privacy requirements.

With Sumo Logic, IT organizations can easily monitor and analyze event logs from IIS servers, web-based applications, and public and hybrid cloud environments. Features like easy troubleshooting, advanced threat intelligence and user insights can help you minimize downtime and maintain the security posture of your IIS server.
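As an added example (not Sumo Logic's code and not part of the original page), the Python sketch below parses IIS W3C extended log lines and flags clients whose request count in a one-minute window exceeds a limit, the request-flood pattern described in the DDoS section above. The sample log lines, the limit of 30 requests per minute, and all function names are constructed for illustration.

```python
from collections import Counter

FIELDS_PREFIX = "#Fields:"

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith(FIELDS_PREFIX):
            # The directive can reappear mid-file when the logged fields change.
            fields = line[len(FIELDS_PREFIX):].split()
        elif line and not line.startswith("#") and fields:
            # IIS writes spaces inside values as '+', so a plain split is safe.
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def flood_suspects(lines, per_minute_limit):
    """Return {(minute, client_ip): count} for clients over the limit."""
    per_client = Counter()
    for row in parse_w3c(lines):
        minute = f"{row['date']} {row['time'][:5]}"  # bucket on HH:MM
        per_client[(minute, row["c-ip"])] += 1
    return {k: n for k, n in per_client.items() if n > per_minute_limit}

def error_ratio(lines, status="503"):
    """Fraction of requests answered with `status` (503 = service unavailable)."""
    rows = list(parse_w3c(lines))
    return sum(r["sc-status"] == status for r in rows) / len(rows) if rows else 0.0

def build_sample():
    """Constructed log: one ordinary client, one client sending 40 requests in a minute."""
    head = ["#Software: Microsoft Internet Information Services 10.0",
            "#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken"]
    normal = ["2024-01-01 12:00:05 198.51.100.7 GET /index.html 200 12",
              "2024-01-01 12:01:10 198.51.100.7 GET /about.html 200 9"]
    burst = [f"2024-01-01 12:01:{s:02d} 203.0.113.50 GET /search 503 900"
             for s in range(40)]
    return head + normal + burst + ["2024-01-01 12:02:00 truncated"]

if __name__ == "__main__":
    sample = build_sample()
    for (minute, ip), count in flood_suspects(sample, 30).items():
        print(f"{minute} {ip} sent {count} requests")
    print(f"503 ratio: {error_ratio(sample):.2f}")
```

A rising share of 503 responses alongside a single address dominating a minute bucket is a stronger signal than either measure alone; a flood spread across many source addresses will not trip the per-client limit and needs an aggregate rate check instead.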