Re: which firewall

From: SysAdm (wjones@sitesmith.com)
Date: 05/28/02


From: "SysAdm" <wjones@sitesmith.com>
Date: Tue, 28 May 2002 00:21:51 +0000 (UTC)


<chris@nospam.com> made me spit my tea out when he wrote in message
news:hcb3fugru6j4a9k2n6cpmhlgt69n6g7g4m@4ax.com...
>
> Big problem everyone here is missing is that a firewall is useless to
> protect IIS. You have to let requests through to port 80 right?
> Recall that a large majority of the IIS attacks are specially
> malformed get requests.
>
> -Chris

Firstly, this totally depends on the firewall you are using. example:
using checkpoint, you could create a URI for http with a path set to take
into account all the ref's nimda/code red search for eg. cmd.exe default.ida
etc etc
Cisco IOS FW set allows you to incorporate NBAR packet recognition (which
can also be used in the PIX) etc etc.

Secondly, any webhosted server is ONLY AS SECURE AS ITS WEAKEST POINT. A
server is configured by a *human* administrator (yes, even if its
autobuilt - someone would have created the autobuild).

IIS by *DEFAULT* is very unsecure (yes, as is winXX) *BUT ITS EASY TO SECURE
IT*.

This argument is an infinite loop. It goes round and round on this NG....
and it bores the hell out of me.

SysAdm