Re: Which Router for VPN and Webhosting
From: BC (bconneely_at_yahoo.com)
Date: 09/22/03
- Next message: remove/valid: "MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT’S BEEN COMPROMISED"
- Previous message: mhicaoidh: "Re: Discrepancies in port scanning = trouble?"
- In reply to: David: "Re: Which Router for VPN and Webhosting"
- Next in thread: Lars M. Hansen: "Re: Which Router for VPN and Webhosting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Sep 2003 22:31:10 -0700
"David" <davidwnh@adelphia.net> wrote in message news:<6dkbb.1977$iT4.1467931@news1.news.adelphia.net>...
> The point is this, Lars. If you are running a webserver you want to install a
> kernel, a webserver, and only the additional tools and software necessary to
> run and administer the webserver.
>
> Let's say another buffer overrun is found in IIS or one of the MS or third
> party isapi filters you use for dynamic content. An exploit is created for
> it which overwrites code in the IIS memory space that shovels a shell back
> to the hacker. Since IIS runs as system, and the cmd shell is actually being
> run on the server many things that are still installed on the server are
> still up for grabs. So disable what you can but if you can't uninstall it,
> one way or another much of it can be used against you to further a
> compromise. They have added access control for processes and various other
> new security features which should make it easier to secure against elevated
> privilege exploits, but history tells me someone will find the ways. It will
> be interesting to see if something is found with their new kernel mode
> http.sys driver. Only time will tell.
>
> With Linux you can put the webserver in a chroot jail. So after the initial
> exploit the hacker has no access to the rest of your system until they get
> out of the jail. And since you didn't leave them any tools in the jail cell
> to further their compromise, they have to find a way to upload them, get out
> of jail, and upload more tools because you didn't leave them squat to work
> with outside the jail either.
>
> The specific programs mentioned by another aren't the big problem, it is a
> bunch of the other stuff that is installed and cannot be removed. Initial
> break-ins aren't the problem, it is everything that is done afterwards that
> wreaks havoc.
Good explanation. Also Microsoft gives way, WAY too many privileges
to the built-in apps like IE and WMP, which are constantly exposed
to external threats. IE especially has consistently been the flimsy
door with the crummy lock.
-BC
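
The quoted point about leaving no tools in the chroot jail can be checked before a jail goes live. The script below is an added example, not part of the original thread; the tool watch list, the three checks and the sample jail layout are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

# Assumed watch list of tools an intruder could reuse; adjust per site.
RISKY_TOOLS = {"sh", "bash", "perl", "python", "gcc", "cc", "wget", "curl", "nc", "ftp", "tftp"}

def audit_jail(root):
    """Walk a chroot tree and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlinks resolve inside the jail after chroot()
            if stat.S_ISREG(mode):
                if mode & (stat.S_ISUID | stat.S_ISGID):
                    findings.append((rel, "setuid/setgid file"))
                if name in RISKY_TOOLS and mode & 0o111:
                    findings.append((rel, "reusable tool left in jail"))
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((rel, "world-writable without sticky bit"))
    return sorted(findings)

def build_sample_jail():
    """Create a constructed sample jail in a temp directory for demonstration."""
    root = tempfile.mkdtemp(prefix="jail-")
    for d in ("bin", "htdocs", "upload"):
        os.mkdir(os.path.join(root, d))
    files = {"bin/httpd": 0o755, "bin/sh": 0o755, "bin/helper": 0o4755,
             "htdocs/index.html": 0o644}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "upload"), 0o777)
    return root

if __name__ == "__main__":
    for rel, reason in audit_jail(build_sample_jail()):
        print(f"{rel}: {reason}")
```

An empty result from `audit_jail` on a real jail directory means none of these three conditions were found, not that the jail is escape-proof.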