Re: Should webservers, eg. IIS 6 have anti--virus installed on them?

From: macleonard Starkey (macleonard_at_gmail.com)
Date: 07/19/05

  • Next message: Floyd Russell: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?" 
    Date: Tue, 19 Jul 2005 09:00:46 +1000
To: ssgill@gilltechnologies.com

    > Should IIS have anti-virus installed on them. I know I would do it for a
    > fileserver but for IIS, I rather lock it down.

    Given that IIS Servers are often externally facing, I would suggest
    that AV software should be considered a higher priority for these
    machines.

    I often see IIS boxes compromised through vulnerable services, poor
    coding or inadvertent misconfiguration. Once compromised, the
    attackers will install an ftp server, install a rootkit to hide their
    warez/toolz, and probably use your box to scan other systems,
    participate in a botnet, host phishing sites etc.

    Of these, only the initial exploit code can really be considered, in
    and of itself, malicious. but AV software will often pick up the ftp
    server, the rootkit (prior to installation) the vuln scanner, and if
    you are lucky, maybe the phishing kit as well.

    AV software on your IIS box can mean the difference between you
    finding the above tools, and a CERT team asking you to remove them.

    Some guidance is available on this subject from Microsoft:

    Antivirus Defense in Depth Guide:
    http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx

    Windows Server 2003 Security Guide (CH 8):
    http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Floyd Russell: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"

    Relevant Pages

    • Re: I hate IIS - "Server Application Unavailable" error message
      ... I would but there is not "Application Pools" underneath the local ... Did you install, at least, the Web or Standard versions of Windows Server 2003? ... except when you choose to install IIS on a domain controller. ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
      ... IIS key to an Intel SSL acelerator ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
      (Focus-Microsoft)
    • RE: Internet printing
      ... Configuring the IPP Print Server: ... (IIS is synonymous with PWS, Peer Web Services, which is what ... -This will install and configure basic IIS on the current machine. ...
      (microsoft.public.windows.server.sbs)
    • Re: No DHCP in administrative tools
      ... OK, we need to install the DHCP service, but we're gonna hold of a mo' on ... In computer management, expand IIS, expand websites, which sites do you ... SQL Server Config ...
      (microsoft.public.windows.server.sbs)
    • Re: OWA 403 Forbidden, POP3,
      ... Is there a way to just re-install the IIS components to a set of Default ... incorrect type of install of Trend not in a virtual directory was probably ... From your post, I understand you after you rebuild SBS Server, you ... Go to your "%SystemRoot%\IIS Temporary Compressed Files" ...
      (microsoft.public.windows.server.sbs)
    • Quantcast