Secure Site Services

Security is not an afterthought at 1-WEB-DEVELOPMENT.COM — it is a core requirement built into every project from the ground up. Our consultants are trained in Windows NT security architecture, SSL/TLS implementation, and database permission management to ensure your site and its data are protected.

Windows NT and ASP

Active Server Pages (ASP) in IIS 3.0 affords us the same level of security that Windows NT itself offers. The benefit of this is the ability to develop Web sites tightly integrated with the Windows NT security model. Consultants at 1-WEB-DEVELOPMENT know how to develop a secure site where IIS and ASP run under Windows NT.

By leveraging NT authentication and NTFS file permissions, we ensure that server-side resources are accessible only to properly authenticated users and processes. This tight OS-level integration provides a security foundation that is far more robust than application-level security alone.

Security Check

Anything we do in Windows NT will involve some type of security check. If a user attempts to access a file or tries to log on to a workstation, a security check will happen. Windows NT security is based on the concept of accounts — both user accounts and group accounts. Every action taken on an NT system is performed in the context of a specific account, and the system verifies that account has permission to perform that action before proceeding.

Our consultants configure IIS, ASP, and the underlying NT environment so that these security checks work together seamlessly, providing layered protection at every tier of the application stack.

An Important Point: Access Privileges

An important point to note is that access privileges for any file requested are always checked. For a file to be safe from the general public, we need to restrict access to the file using Windows NT file permissions. This means applying the principle of least privilege: every account is granted only the minimum permissions required to perform its function, and no more.

Principle of Least Privilege: Every process, service, and user account operates with the minimum level of access needed. This limits the blast radius of any potential security breach.

Using Secure Protocol (SSL / PCT)

Consultants at 1-WEB-DEVELOPMENT will make sure that information transmitted between your server and your users is secure through the implementation of the Secure Sockets Layer (SSL) and/or Private Communications Technology (PCT).

SSL encrypts all data in transit, preventing eavesdropping, tampering, and message forgery. This is especially critical for e-commerce pages, login forms, and any page that transmits personally identifiable information. We handle the full SSL setup process including certificate acquisition, IIS configuration, and testing across major browsers.

  • SSL certificate procurement and installation
  • IIS HTTPS configuration and port binding
  • Mixed-content audit to ensure all page resources are served securely
  • Automatic HTTP-to-HTTPS redirect setup

Database Security

Each database has its own independent permissions system. In other words, being granted permission to perform a given task in one database has no effect in other databases. This isolation means that a compromised application account cannot automatically access data in other databases on the same server.

Our database security practices include:

  • Application-specific database logins with minimal necessary permissions
  • Stored procedure-based data access to prevent direct table access
  • Parameterized queries to eliminate SQL injection vulnerabilities
  • Encrypted connection strings in application configuration
  • Regular permission audits and access reviews

Secure Your Site Today

Contact our security consultants to discuss how we can help protect your web presence and your customers' data.

Contact a Security Consultant   Consulting Services ›