IIS 7.0 takes the security of a Web server to a level where administrators have absolute control over which IIS 7.0 components install allowing them to minimize Web server attack surface. The integrated processing allows form-based authentication to protect all types of content. The built-in request filtering and support for rules-based URL authorization offers additional layers of security.