Free IIS Security Forensic Analysis E-Book

From: Jason Coombs (jasonc_at_SCIENCE.ORG)
Date: 05/05/03

  • Next message: Nick Staff: "One way .net Passport authentication is flawed"
    Date:         Sun, 4 May 2003 12:32:16 -1000
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Aloha,

    After a year-long effort to conduct a thorough forensic analysis of Internet
    Information Services versions 4 through 6, I've recently released a 400-page
    e-book detailing my conclusions, findings, and security recommendations for
    administrators and programmers who work with IIS.

    IIS Security and Programming Countermeasures
    http://forensics.org/jasonc/iisforensics.zip

    FORENSICS.ORG is a non-profit computer forensics expert witness group. One of
    our missions is to provide affordable forensics services to the defense in
    criminal and civil court cases. We hope that this forensic guide to IIS
    security will be helpful as you decide what to do about your legacy IIS-based
    applications: migrate to IIS 6 or abandon IIS altogether?

    Feedback is welcome.

    Sincerely,

    Jason Coombs
    jasonc@science.org

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by IP3 Inc.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    SECURITY QUESTIONS? We've got answers...Apply for a scholarship and become
    TICSA certified.

    Do not miss your opportunity to discover solutions to what our participants
    have identified as their top 5 IT Security Challenges. You will return to
    work better prepared to put into place an effective security strategy
    utilizing the latest security tools, bookmarks and URL's.

    <http://www.ip3seminars.com>

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Nick Staff: "One way .net Passport authentication is flawed"