Security Incidents mailing list archives
RE: Rash of navy web site defacements
From: Otto.Dandenell () iconmedialab com sg
Date: Sat, 2 Jun 2001 19:52:31 +0800
Andrew Thomas wrote:
> As much as everyone has knocked M$ products, IIS in particular, most of the most recently released vulnerabilities are entirely avoidable *WITHOUT* the hotfixes in question.
>
> 1 - Go through the relevant MS issued security checklist (Securing IIS4 or IIS5)
> 2 - Set ACL's sensibly: why would IUSR/IWAM accounts need to execute anything in the winnt\system directory, or most places for that matter?

Actually, there are a few cases when the IUSR account should have execute permissions in the winnt\system directory. Most notably, java components called by ASP scripts should be placed in the winnt\system32\java\trustlib directory and registered with regsvc. That aside, your point is valid.

Sincerely / Otto Dandenell

> 3 - remove extension mappings for handlers you don't need
> 4 - remove virtual directory mappings you don't need/the like (/msadc, /scripts, ...)
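An audit for point 2 of the quoted checklist, with the java\trustlib exception from the reply marked rather than hidden; this is an added example, not code from the thread. It assumes PowerShell 3 or later and the default account names IUSR_<host> / IWAM_<host>; the function and parameter names are hypothetical.

```powershell
# Added example: list Allow ACEs that give the IIS anonymous accounts execute
# rights on directories under the system directory.
# Assumptions: default account names IUSR_<host> / IWAM_<host>; the only
# accepted exception is the java\trustlib directory named in the reply.
param(
    [string]$Root = (Join-Path $env:SystemRoot 'system32'),
    [string[]]$AllowedSubPaths = @('java\trustlib')
)

$ExecuteFile    = 0x20        # FileSystemRights.ExecuteFile (FILE_EXECUTE)
$GenericExecute = 0x20000000  # GENERIC_EXECUTE, common on inherit-only ACEs
$GenericAll     = 0x10000000  # GENERIC_ALL

function Test-GrantsExecute($Ace) {
    # True when the ACE's access mask contains any execute-granting bit.
    $mask = [int]$Ace.FileSystemRights
    return ($mask -band ($ExecuteFile -bor $GenericExecute -bor $GenericAll)) -ne 0
}

function Get-IisExecuteAce {
    param([string]$Path, [string[]]$Allowed)
    $rootItem = Get-Item -LiteralPath $Path
    $dirs = @($rootItem) + @(Get-ChildItem -LiteralPath $Path -Recurse -Directory `
                                 -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        # Path relative to the root, used to match the exception list.
        $rel = $dir.FullName.Substring($rootItem.FullName.Length).TrimStart('\')
        $isException = @($Allowed | Where-Object {
            $rel -eq $_ -or $rel -like ($_.TrimEnd('\') + '\*') }).Count -gt 0
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { continue }   # unreadable ACL: skip this directory
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IdentityReference.Value -notmatch '(^|\\)(IUSR|IWAM)(_|$)') { continue }
            if (-not (Test-GrantsExecute $ace)) { continue }
            [pscustomobject]@{
                Directory       = $dir.FullName
                Account         = $ace.IdentityReference.Value
                Rights          = $ace.FileSystemRights
                Inherited       = $ace.IsInherited
                AllowedByPolicy = $isException
            }
        }
    }
}

Get-IisExecuteAce -Path $Root -Allowed $AllowedSubPaths |
    Sort-Object AllowedByPolicy, Directory | Format-Table -AutoSize
```

Only ACEs that name the accounts directly are reported; execute rights the accounts hold through group membership (for example Everyone) are not evaluated and need a separate review.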
Current thread:
- Re: Rash of navy web site defacements Jay D. Dyson (May 31)
- <Possible follow-ups>
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Otto . Dandenell (Jun 02)