Could you describe how an IIS Web application pool works? How do Web application pools relate to enterprise security, and are they a worthwhile feature to utilize?
An IIS Web application pool is a feature worth implementing on any IIS Web server running multiple applications or sites, as it can isolate applications from each other even though they are being hosted on the same server. It can improve the overall reliability of the server and the applications running on it, and can be used to improve security as well.
An application pool is a group of one or more applications, as defined by their URLs, that share the same worker process. A worker process runs the website. Each application pool has one or more worker processes. The worker processes are unique to the application pool and are not shared across application pools.
As each worker process operates as a separate instance, it provides a process boundary so an application in one application pool isn't affected by problems in another pool. If an application crashes or has a memory leak, it won’t affect other sites in other application pools, as each application pool has its own worker process and server resources.
Multiple application pools can operate at the same time, each configured differently in terms of resource usage and can even been shut down after a period of inactivity until it is needed again. CPU monitoring can prevent a site from hogging the server’s CPU, and worker process recycling replaces the instance of an application in memory, helping to keep problematic applications running smoothly and minimizing problems, such as memory leaks.
Not only do multiple application pools increase the availability of applications, but they also help security. For example, you may want to create a separate application pool for each application that requires a high level of security, while allowing applications that require a lower level of security to share the same application pool. This type of configuration lets you make use of Application Pool Identities, which allow you to run application pools under a unique virtual account without having to create and manage domain or local accounts, a method that is often tedious and inadequate for establishing the ideal levels of privileged access.
By default, worker processes run under the local NetworkService account, a built-in Windows identity with relatively low-level privileges. Although running services with a low-privileged account is good security practice, a lot of Windows system services run using this account as well. Any service running as NetworkService could possibly access other NetworkService-owned services. As IIS worker processes typically run customized code, such as ASP.NET and PHP, they should be separated from other Windows system services by using a different application pool identity.
I certainly recommend you customize your application pools and use different identities to achieve the degree of application isolation you need for your particular environment.
Dig Deeper on Web Server Threats and Countermeasures
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.