Re: Active Directory and IIS on production servers, and clustering

anonymous99_at_hotmail.com
Date: 09/28/05

Next message: Brady McClenon: "RE: Active Directory and IIS on production servers, and clustering"

Previous message: Susan Bradley: "Re: Active Directory and IIS on production servers, and clustering"
Maybe in reply to: Derick Anderson: "Active Directory and IIS on production servers, and clustering"
Next in thread: Brady McClenon: "RE: Active Directory and IIS on production servers, and clustering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 28 Sep 2005 11:50:02 -0000
To: focus-ms@securityfocus.com

('binary' encoding is not supported, stored as-is) Derik,
I agree completely with your assessment. One suggestion, however, is that you might change your approach. In addition to quoting best practices, etc... you might want to discuss specific and distinct vulnerabilities, threats, and risks. Of course, if you can, specify a bottom-line dollar impact -- that always gets the attention of management. But mimimally, you might have better luck if you talk about what happens if an IIS buffer-overflow is used and someone compromises the server... and how likely is that to happen (e.g. would someone target you for corporate espionage, could a virus put you at risk, etc.)

I'll let you take it from there. Good luck!

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Brady McClenon: "RE: Active Directory and IIS on production servers, and clustering"

Previous message: Susan Bradley: "Re: Active Directory and IIS on production servers, and clustering"
Maybe in reply to: Derick Anderson: "Active Directory and IIS on production servers, and clustering"
Next in thread: Brady McClenon: "RE: Active Directory and IIS on production servers, and clustering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]