RE: How to best protect IIS server

[Jason Zann <jason.zann () maryville com>]

This is a product from Sanctum http://www.sanctuminc.com/ (formerly Perfecto
Technologies) that provides a way of scanning specific traffic going through
a firewall. example: If you allow HTTP traffic from the internet to a web
server, this product would sit between those two connections and allow
everything over port 80 to be interrogated. It is kind of like a firewall
that can determine if users are trying to side step login screens, insert
wild cards into web based forms (like the older cgi-bin hacks that were
popular a couple of years ago) and the like. An excellent product to sit in
front of a webserver.

> -----Original Message-----
> From: Marc Maiffret [SMTP:marc () eeye com]
> Sent: Wednesday, August 09, 2000 4:10 AM
> To:   Chris Keladis; Robert Collins
> Cc:   firewall-wizards () nfr net
> Subject:      RE: [fw-wiz] How to best protect IIS server
>
> Even checking for valid "http protocol" syntax would not help much
> considering most of the IIS holes use valid HTTP commands etc....
>
> Firewalls will not help you at all in protecting an IIS server. The only
> thing they will do is help protect the rest of your network when your IIS
> server gets broken into.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eCompany / eEye
> T.949.349.9062
> F.949.349.9538
> http://eEye.com
>
>
> | -----Original Message-----
> | From: firewall-wizards-admin () nfr net
> | [mailto:firewall-wizards-admin () nfr net]On Behalf Of Chris Keladis
> | Sent: Wednesday, August 09, 2000 1:49 AM
> | To: Robert Collins
> | Cc: firewall-wizards () nfr net
> | Subject: RE: [fw-wiz] How to best protect IIS server
> |
> |
> |
> | -----BEGIN PGP SIGNED MESSAGE-----
> | Hash: SHA1
> |
> | At 10:22 AM 8/8/00 +1000, you wrote:
> |
> | >Actually the PIX can check that http protocol rules are being followed,
> | >which should stop things like telnet-in-http tricks.
> |
> |
> | Maybe i'm being naive here, but how could the PIX figure out
> | "telnet-in-http" from "browser-in-http" ... Or am i totally
> | missing the point??
> |
> |
> |
> | Regards,
> |
> |
> | Chris Keladis
> |
> | System/Security Administrator
> | Custom Management Centre
> | Cable & Wireless Optus.
> |
> | Phone: (02) 9775-5312
> | Mobile: (0402) 067-375
> | E-Mail: Chris.Keladis () cmc cwo net au
> |
> |
> |
> | -----BEGIN PGP SIGNATURE-----
> | Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> |
> | iQA/AwUBOZF9gCEx0akmf5vwEQK8UQCfe2j6kPIZV3xEg0Dbvp7BdM2w4cUAnR9S
> | KTDDcN49+9+jlanjWUjX8OKd
> | =Xgyz
> | -----END PGP SIGNATURE-----
> |
> |
> | _______________________________________________
> | Firewall-wizards mailing list
> | Firewall-wizards () nfr net
> | http://www.nfr.net/mailman/listinfo/firewall-wizards
> |
>
>
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards () nfr net
> http://www.nfr.net/mailman/listinfo/firewall-wizards

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards