RE: IIS 6 features
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 11/05/03
- Previous message: Laura A. Robinson: "RE: IIS 6 features"
- In reply to: Eli Allen: "Re: IIS 6 features"
To: "'Eli Allen'" <eallen@bcpl.net>, "'Ross, Jason'" <Jason.Ross@GlobalCrossing.com>, <focus-ms@securityfocus.com>
Date: Tue, 4 Nov 2003 22:33:51 -0500
> point 1) IIS6 can start up a failed process automatically
> so all new requests go to the new app pool but if it fails
> too many times in a row then rapid fail protection comes into
> place. This means a new app pool won't be created and will
> run a custom app or will just wait for human intervention to
> start back up.
Yes, there are subtle differences between rapid-fail protection, health
detection and application pool recycling. They all interweave, but they're
complementary proactive/reactive functions.
>
> If a site fails and starts back up repeatedly then this can
> take up lots of resources as has already been stated. So it's
> best to DoS just one site on the box by IIS shutting it off
> than to DoS the entire box.
>
> point 2) A buffer overflow is generally a security exploit
> in terms of when its important. So you don't want someone to
> exploit one process and then affect the other process on
> the machine. So a hacker can get in but after they are in
> nothing happens.
Additionally, buffer overflows are reduced due to code checking in IIS6, and
even if an overflow should, say, crash a process in hopes of getting the
process to restart in the system context, that won't happen.
>
> point 3) Passport validates if the passport authentication
> was correct. That passport auth then has to be tied to a user
> on your machine.
Small differentiation- they're tied to AD accounts.
Laura
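Added example, not part of the thread: a small Python model of the rapid-fail protection behaviour discussed in point 1, where a worker process that fails too often inside a time window gets its application pool taken out of service (clients then see 503) instead of being restarted forever. The defaults of 5 failures in 5 minutes are my assumption about the IIS 6 metabase settings (RapidFailProtectionMaxCrashes / RapidFailProtectionInterval); check your own metabase.

```python
from collections import deque


class RapidFailProtection:
    """Model of IIS 6 rapid-fail protection for one application pool.

    The pool is disabled once `max_crashes` worker-process failures land
    inside any sliding window of `interval_seconds`, so a crashing site is
    isolated rather than restarting until it exhausts the whole box.
    Defaults (5 crashes / 300 s) are an assumption about IIS 6 defaults.
    """

    def __init__(self, max_crashes=5, interval_seconds=300):
        self.max_crashes = max_crashes
        self.interval = interval_seconds
        self.crash_times = deque()   # timestamps still inside the window
        self.disabled = False        # stays True until an admin re-enables

    def record_crash(self, t):
        """Register a worker-process failure at time t (seconds).

        Returns True if the pool is now disabled (rapid-fail tripped),
        False if IIS would simply start a fresh worker process.
        """
        if self.disabled:
            return True
        self.crash_times.append(t)
        # forget failures that have aged out of the sliding window
        while self.crash_times and t - self.crash_times[0] > self.interval:
            self.crash_times.popleft()
        if len(self.crash_times) >= self.max_crashes:
            self.disabled = True     # further requests get 503
        return self.disabled

    def handle_request(self):
        """HTTP status a client would see from this pool right now."""
        return 503 if self.disabled else 200


def simulate(crash_times, max_crashes=5, interval_seconds=300):
    """Feed constructed crash timestamps in; return (disabled, crashes_in_window)."""
    rfp = RapidFailProtection(max_crashes, interval_seconds)
    for t in crash_times:
        rfp.record_crash(t)
    return rfp.disabled, len(rfp.crash_times)


if __name__ == "__main__":
    # constructed timeline: five crashes within 40 seconds trips protection
    print(simulate([0, 10, 20, 30, 40]))        # (True, 5)
    # constructed timeline: crashes spread out never fill the window
    print(simulate([0, 100, 200, 300, 900]))    # (False, 1)
```

The second run shows the window matters: the same number of failures spread over time keeps the pool up, which is the trade-off between protecting the box and keeping one site available.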