Re: Nessus Scan Report Result Questions

From: BB (Bernard_at_3exp.com)
Date: 02/13/03


From: "BB" <Bernard_at_3exp.com>
Date: Thu, 13 Feb 2003 12:40:37 +0800


You can use URLScan to mask it, or the ServerMask tool
will do as well.
Refer to http://support.microsoft.com/?id=317741

But masking does not really protect you. It just fools
some 'beginner' hackers; besides, a lot of the hacking
now is done by programs. They don't care; they will just
send the attack request and hope one will work.

Refer to this to secure your box.
Security

1) Start
To get the latest info regarding Microsoft products.
Microsoft Security
www.microsoft.com/security/

and remember to subscribe to the security bulletin; this gives you first-hand
information about security issues related to Microsoft products.

Check your system patch status
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp
select your product and the latest service pack you have, then hit the 'go'
button

2) Securing IIS Server
IIS Tools and Checklists
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp

Use MBSA and HFNetChk
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

HOW TO Install and Use the IIS Lockdown Wizard
http://support.microsoft.com/?id=325864

List of Services Needed to Run a Secure IIS Computer
http://support.microsoft.com/?id=189271

IIS 4.0
Practical Recommendations for Securing Internet-Connected Windows NT Systems
http://support.microsoft.com/?id=164882

Baseline Security Procedures for IIS 4.0 Server Builds
http://www.microsoft.com/windows2000/community/centers/iis/articles/021206.asp

IIS 5.0
Resources for Securing Internet Information Services
http://support.microsoft.com/?id=282060

IIS 5 HiSecWeb Potential Risks and the IIS Lockdown Tool
http://support.microsoft.com/?id=316347

Microsoft TechNet - Make your web server secure
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/wsrvsec.asp

Building and Configuring More Secure Web Sites
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp

3) Extra
Securing your IIS server is only part of your security policy or plan. IT
security covers several areas, including network, application, physical, etc.
You need to have a security policy on the network, such as a firewall and
intrusion detection system (IDS), an antivirus program, a password policy,
log auditing, etc.

Windows Update
http://windowsupdate.microsoft.com

Securing Windows
http://securityadmin.info/faq.htm#harden

Security Recommendation Guides -- National Security Agency --
http://nsa1.www.conxion.com/

SANS
http://www.sans.org

Rgds.

"danny schelberg" <dschelberg@volt.com> wrote in message
news:uM78BJu0CHA.1764@TK2MSFTNGP10...
> This is some more info from the Nessus & nikto reports
>
>
> Informational https (443/tcp) The remote web server type is :
>
> Microsoft-IIS/5.0
>
> Solution : You can use urlscan to change reported server for IIS.
>
> XXX.XXX.29.33
> + Target Hostname: ?? (unable to resolve)
> + Target Port: 80
> ---------------------------------------------------------------------------------------------
> This may not have been the same issue regarding tcp ID from the first
> post (which urlscan would correct)
>
>
>
> The SSL cipher issue from the earlier post is also not clear?
> -------
> - Scan is dependent on "Server" string which can be faked, use -g to override
> + Server: Microsoft-IIS/5.0
> + /xxxxxxxxxxabcd.html - The IIS server may be vulnerable to Cross Site Scripting (XSS) in error messages, see MS02-018, CVE-2002-0075, SNS-49, MS02-018, CA-2002-09 (GET)
> + /_vti_pvt/access.cnf - Contains HTTP server-specific access control information, remove or ACL if FrontPage is not being used. (GET)
> + /_vti_pvt/linkinfo.cnf - IIS file shows http links on and off site. Might show host trust relationships and other machines on network. (GET)
> + /_vti_pvt/service.cnf - Contains meta-information about the web server, remove or ACL if FrontPage is not being used. (GET)
> + /_vti_pvt/writeto.cnf - Contains information about form handler result files, remove or ACL if FrontPage is not being used. (GET)
> - 8500 items checked, 5 items found on remote host
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
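The point made above is that changing the Server banner with URLScan does not make the nikto findings go away, because the scanner's path checks (the /_vti_pvt/*.cnf files) do not depend on the banner. The following is an added example, not code from the original post nor from Nessus, nikto or Microsoft: a small Python script that parses nikto-style finding lines like the ones quoted, re-requests each path, and reports which are still served alongside whether the live Server header differs from the one the scan saw. The report text, the host name `webserver.example`, and the responses in `MASKED_HOST` are constructed for the example; `http_fetch` is the real fetcher you would pass in place of `fake_fetch` against your own server.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit
from urllib.request import Request, urlopen

# The two nikto line shapes that matter here: the banner line, and a finding
# line of the form "+ /path - description (METHOD)".
BANNER_RE = re.compile(r"^\+ Server: (.+?)\s*$")
FINDING_RE = re.compile(r"^\+ (/\S+) - (.+?) \((GET|POST|HEAD)\)\s*$")


def parse_nikto(report_text):
    """Return (reported_banner, findings); findings is a list of
    (path, description, method) tuples. Other lines are ignored."""
    banner, findings = None, []
    for line in report_text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            banner = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append((m.group(1), m.group(2), m.group(3)))
    return banner, findings


def http_fetch(url, method="GET", timeout=10):
    """Live fetcher: returns (status, {lowercased header name: value}).
    4xx/5xx responses are returned rather than raised."""
    try:
        with urlopen(Request(url, method=method), timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}


def recheck(fetch, base_url, report_text):
    """Re-test every finding and compare the live Server header with the one
    the scan reported. A path counts as fixed only when it no longer answers
    200; a masked banner with a 200 on a finding is still a finding."""
    reported_banner, findings = parse_nikto(report_text)
    live_banner, still_exposed, fixed = None, [], []
    for path, _desc, method in findings:
        status, headers = fetch(urljoin(base_url, path), method)
        if live_banner is None:
            live_banner = headers.get("server")
        (still_exposed if status == 200 else fixed).append(path)
    return {
        "reported_banner": reported_banner,
        "live_banner": live_banner,
        "banner_masked": live_banner != reported_banner,
        "still_exposed": still_exposed,
        "fixed": fixed,
    }


# Constructed sample in the shape of the quoted nikto output (not a real scan).
SAMPLE_REPORT = """\
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ /_vti_pvt/access.cnf - Contains HTTP server-specific access control information, remove or ACL if FrontPage is not being used. (GET)
+ /_vti_pvt/service.cnf - Contains meta-information about the web server, remove or ACL if FrontPage is not being used. (GET)
+ /_vti_pvt/writeto.cnf - Contains information about form handler result files, remove or ACL if FrontPage is not being used. (GET)
- 8500 items checked, 5 items found on remote host
"""

# Constructed stand-in for a host whose banner was masked but where one
# FrontPage file was never removed or ACLed (hypothetical responses).
MASKED_HOST = {
    "/_vti_pvt/access.cnf": (200, {"server": "Apache", "content-type": "text/plain"}),
    "/_vti_pvt/service.cnf": (404, {"server": "Apache"}),
    "/_vti_pvt/writeto.cnf": (403, {"server": "Apache"}),
}


def fake_fetch(url, method="GET"):
    """Offline fetcher backed by MASKED_HOST; unknown paths get a 404."""
    path = urlsplit(url).path or "/"
    return MASKED_HOST.get(path, (404, {"server": "Apache"}))


if __name__ == "__main__":
    result = recheck(fake_fetch, "http://webserver.example", SAMPLE_REPORT)
    print("reported banner:", result["reported_banner"],
          "| live banner:", result["live_banner"],
          "| masked:", result["banner_masked"])
    for p in result["still_exposed"]:
        print("STILL EXPOSED:", p)
    for p in result["fixed"]:
        print("fixed:", p)
```

Run against the constructed host, the banner comes back masked (Apache instead of Microsoft-IIS/5.0) while /_vti_pvt/access.cnf still returns 200, which is exactly the case the post warns about: a tool that trusts the banner would call the box clean, and an automated attack that simply requests the path would not. Against a real server, pass `http_fetch` instead of `fake_fetch` and the report text saved from your own nikto run.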

