April Johnson wrote Tuesday, July 15, 2003 5:28 PM

> I'm an exceptionally unhappy admin (and perhaps a little embarrassed as
> well). At this point I'm assuming it's impossible to adequately secure
> IIS server with Frontpage extensions?

I'll leave the "impossible" debate to others. Do your IIS and firewall logs show the method of compromise? Knowing the successful attack method could answer the question about whether this particular compromise could have been avoided.

> What the server did NOT have:
> -The POSIX subsystem was not removed
> -The IIS lockdown tool was not run

IIS Lockdown is normally a very big deal (unless you manually take care of everything yourself). URLScan would be on the critical list (with or without IIS Lockdown) unless you're screening input with another product.
This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 14:41:15 PDT