Just thought I would pass this information along for those running IIS and Windows NT/2000.

I have 5 IIS servers on the net. All receive over 50 attempts a day from various IPs. So far no one has been able to compromise any of my servers, even if I have not patched my servers with Microsoft's latest patches.

I have set up NTFS like most administrators, but I have taken the time to go through all my files and folders and set up permissions manually. (Shouldn't all administrators do this?) :-) What I did was add IUSR_machinename to some files and folders where an IUSR_machinename does not need access to or be able to gain access to other folders on the machine. By default most files and folders will allow EVERYONE Read & Execute permissions. For example, on the latest exploit for IIS that exploits the use of CMD.EXE, I set up the permissions for IUSR_machinename to be denied or to just READ only with NO EXECUTE.

I have caught over 20 IPs trying to use the UNICODE exploit from 05-05-2001 to 05-08-2001, all of which were unsuccessful.

So my point is that you should take the time to check/add/modify NTFS permissions accordingly for any Windows NT/2000 Server. Keeping up to date on the latest Microsoft Patches is another.

Anyways, I hope that this sheds some light for other Security Focus Administrators. For those who wish to use my services to protect your servers and information, you can reach me at my email below.

Sincerely,
Jay Ireland
mailto:jirelandat_private
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 17:08:10 PDT
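An added example, not part of the original post: a PowerShell audit of whether the anonymous IIS account can still execute a given binary, listing which ACE grants it. The account name pattern, the default path and the list of groups the account is assumed to belong to are assumptions; the function name is hypothetical.

```powershell
# Added example: report whether the anonymous web account may execute each file.
# Assumptions: the account is named IUSR_<machinename> as in the post, and it is
# a member of the well-known groups listed in $viaGroups (not resolved live).
param(
    [string]$Account = "IUSR_$env:COMPUTERNAME",
    [string[]]$Path = @("$env:SystemRoot\System32\cmd.exe")
)

$executeBit = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
$viaGroups  = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Test-AnonymousExecute {
    param([string]$File, [string]$Account)

    # ACEs that name the account itself or one of the assumed groups
    # and that carry the ExecuteFile right.
    $relevant = (Get-Acl -LiteralPath $File).Access | Where-Object {
        $id = $_.IdentityReference.Value
        (($viaGroups -contains $id) -or ($id -eq $Account) -or ($id -like "*\$Account")) -and
        (([int]$_.FileSystemRights -band $executeBit) -ne 0)
    }

    $deny  = @($relevant | Where-Object { $_.AccessControlType -eq 'Deny' })
    $allow = @($relevant | Where-Object { $_.AccessControlType -eq 'Allow' })

    # A Deny ACE takes precedence over any Allow ACE for the same right.
    if ($deny.Count -gt 0) {
        $verdict = 'Blocked by explicit Deny'
    } elseif ($allow.Count -gt 0) {
        $verdict = 'EXECUTE ALLOWED'
    } else {
        $verdict = 'No Execute right granted'
    }

    New-Object PSObject -Property @{
        File       = $File
        Verdict    = $verdict
        AllowedVia = ($allow | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        DeniedVia  = ($deny  | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    }
}

foreach ($p in $Path) {
    Test-AnonymousExecute -File $p -Account $Account
}
```

An Allow ACE that gives the account Read only does not remove Execute it still receives through Everyone or another group; the AllowedVia column shows when that is the case, which is when a Deny ACE or removal of the group ACE is needed.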