Re: Which Router for VPN and Webhosting
From: David (davidwnh_at_adelphia.net)
Date: 09/21/03
- Previous message: Dudhorse: "Re: Macs don't have viruses?"
- In reply to: Lars M. Hansen: "Re: Which Router for VPN and Webhosting"
- Next in thread: Leythos: "Re: Which Router for VPN and Webhosting"
- Reply: BC: "Re: Which Router for VPN and Webhosting"
Date: Sun, 21 Sep 2003 16:20:18 GMT
The point is this, Lars. If you are running a webserver you want to install a
kernel, a webserver, and only the additional tools and software necessary to
run and administer the webserver.

Let's say another buffer overrun is found in IIS or one of the MS or
third-party ISAPI filters you use for dynamic content. An exploit is created for
it which overwrites code in the IIS memory space that shovels a shell back
to the hacker. Since IIS runs as system, and the cmd shell is actually being
run on the server, many things that are still installed on the server are
still up for grabs. So disable what you can, but if you can't uninstall it,
one way or another much of it can be used against you to further a
compromise. They have added access control for processes and various other
new security features which should make it easier to secure against elevated
privilege exploits, but history tells me someone will find the ways. It will
be interesting to see if something is found with their new kernel mode
http.sys driver. Only time will tell.

With Linux you can put the webserver in a chroot jail. So after the initial
exploit the hacker has no access to the rest of your system until they get
out of the jail. And since you didn't leave them any tools in the jail cell
to further their compromise, they have to find a way to upload them, get out
of jail, and upload more tools because you didn't leave them squat to work
with outside the jail either.

The specific programs mentioned by another aren't the big problem; it is a
bunch of the other stuff that is installed and cannot be removed. Initial
break-ins aren't the problem; it is everything that is done afterwards that
wreaks havoc.

> Well, I'm a little uncertain why I would have to remove those. Neither
> are actively listening, and should only pose a threat if someone has
> physical access to the computer ...
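
The following is an added example, not part of the post above or the thread: a Python audit of a chroot jail directory that reports what was left behind for an intruder to work with (shells and transfer tools, setuid/setgid files, device nodes, world-writable directories). The tool-name list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed, non-exhaustive list of programs useful after an initial exploit.
RISKY_NAMES = {"sh", "bash", "csh", "ksh", "busybox", "perl", "python", "gcc",
               "cc", "wget", "curl", "ftp", "tftp", "nc", "telnet", "su"}

def audit_jail(jail_root):
    """Return sorted (relative_path, reason) findings for a chroot tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, jail_root)
            mode = os.lstat(path).st_mode  # inspect the entry itself, not a link target
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append((rel, "device node"))
            elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                findings.append((rel, "world-writable directory"))
            elif stat.S_ISREG(mode):
                if mode & (stat.S_ISUID | stat.S_ISGID):
                    findings.append((rel, "setuid/setgid file"))
                if name in RISKY_NAMES and mode & 0o111:
                    findings.append((rel, "post-exploitation tool"))
    return sorted(findings)

def build_sample_jail(root):
    """Constructed sample tree used only to demonstrate the audit."""
    layout = {"usr/sbin/httpd": 0o755, "bin/sh": 0o755,
              "usr/bin/wget": 0o755, "var/www/index.html": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    upload = os.path.join(root, "var/www/upload")
    os.makedirs(upload)
    os.chmod(upload, 0o777)  # explicit mode, independent of the umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jail(tmp)
        for rel, reason in audit_jail(tmp):
            print(f"{reason:26} {rel}")
```

Run it against the real jail directory before putting the server into service; anything it reports is something to remove from the jail or justify keeping.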