Both Windows and IIS were originally developed in more innocent times, before denial of service attacks, cyber terrorism, and the Nimda virus. For this reason, it’s understandable that each needs considerable configuration to be locked down. The .NET Framework, on the other hand, was developed in the dawn of the 21st century, when the challenges and importance of security was already well known. As a result, the default installation of both .NET version 1.0 (included with Microsoft Visual Basic .NET 2002), and .NET version 1.1 (included with Visual Basic .NET 2003) is designed to be secure. Unless you need to, you should not change the default. (Chapter 3 introduced you to scenarios where it makes sense to change the default ...