RE: Options for securing a Public Webserver and Private Intranet on same server.

From: Tulchinskiy, Sasha (STulchinskiy@aspensys.com)
Date: 08/28/01

• Previous message: Amir Tal: "Help..."
• Maybe in reply to: Jonathon.Kalaugher@sbg-ap.com: "RE: Options for securing a Public Webserver and Private Intranet on same server."
• Next in thread: Andrew van der Stock: "RE: Options for securing a Public Webserver and Private Intranet on same server."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <966D241E5D22D411A31900805F6FED6303CD87CB@mailsvr1.aspensys.com>
From: "Tulchinskiy, Sasha" <STulchinskiy@aspensys.com>
To: "'Jonathon.Kalaugher@sbg-ap.com'" <Jonathon.Kalaugher@sbg-ap.com>
Subject: RE: Options for securing a Public Webserver and Private Intranet  on same server.
Date: Tue, 28 Aug 2001 11:19:56 -0400

Authentication will stop some automated scanners such as Code Red.

But you know that some of your accounts will be easily brute-forced and it's
important to:
1. Watch your security logs for failed log-ins (especially "Administrator")
2. Make sure the regular authenticated users don't have anything but local
Users permission.

Sasha.

-----Original Message-----
From: Jonathon.Kalaugher@sbg-ap.com
[mailto:Jonathon.Kalaugher@sbg-ap.com]
Sent: Tuesday, August 28, 2001 2:57 AM
To: ajv@e-secure.com.au
Cc: focus-ms@securityfocus.com
Subject: RE: Options for securing a Public Webserver and Private
Intranet on same server.

...

Question:

-Would the Logon dialogue box on the Intranet (which is the first thing
encountered when attempting to access the application) limit the
vulnerabilities the Intranet is susceptible to by "blocking" access to the
server until successful authentication is performed?

---

• Previous message: Amir Tal: "Help..."
• Maybe in reply to: Jonathon.Kalaugher@sbg-ap.com: "RE: Options for securing a Public Webserver and Private Intranet on same server."
• Next in thread: Andrew van der Stock: "RE: Options for securing a Public Webserver and Private Intranet on same server."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Constant Password Authentication ... domain and server name in the URL. ... confirm that the same authentication methods are checkmarked as compared to ... Within our organisation there are staff who are ... > Up until recently a company that has had access to our intranet had been ... (microsoft.public.inetserver.iis.security) RE: Windows authentication from ASP.NET to SQL Server ... The easiest way is to turn off anonymous access for the Intranet site. ... will force authentication, usually through a login box (although the network ... > intranet server and our database server, both of which are on our local ... > Successful Network Logon: ... (microsoft.public.dotnet.framework.aspnet) RE: Options for securing a Public Webserver and Private Intranet on same server. ... Options for securing a Public Webserver and Private Intranet on same server. ... (Focus-Microsoft) Re: NTLM Authentication on IIS 6.0 ... A couple of areas on the Intranet are restricted. ... Windows Intergrated Authentication enabled on the couple of pages that ... I use the administrator un/pw and that fails. ... server, it works everytime. ... (microsoft.public.inetserver.iis.security) RE: Options for securing a Public Webserver and Private Intranet on same server. ... Options for securing a Public Webserver and Private Intranet on same server. ... IIS has a long and colorful exploit history, and I don't see this abating ... (Focus-Microsoft)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-08