Re: Want to understand more of IIS Internet Security

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/19/03

• Next message: Karl Levinson [x y] mvp: "Re: ALL USERS ARE LOCKED OUT OF MY FRONTPAGE WEB SITES"
• Previous message: Atrax _: "Re: odd page when i open email"
• In reply to: Leon Lien: "Want to understand more of IIS Internet Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Wed, 19 Feb 2003 00:49:21 -0500

Yes, all of those things are possible and common.

Typical IIS hacks are described in the books Hacking Exposed, Hacker's
Challenge, and to some extent, Incident Response. [You might first check
out the book from the Honeynet Project, Lance Spitzner et al].

You might also check out places that describe actual attacks, such as
www.honeynet.org, www.incidents.org, www.mynetwatchman.com, www.sans.org/rr,
www.cert.org, www.takedown.com, etc.

What you'd probably see in a typical IIS buffer overflow attack would
probably show up in the IIS logs. Examples of IIS log files attacked by
certain worms like Code Red and Nimda are at:

http://securityadmin.info/faq.htm#iislogs2
http://securityadmin.info/faq.htm#iislogs

These buffer overflows are among the most common attacks against IIS, but
there are others that might not show up in the IIS logs. You might also
have to check the firewall logs and/or the intrusion detection IDS logs
[www.snort.org is free, for example].

A lot of hacking tends to change things that are noticable. For example, a
file change checker like the free SIC at www.gfi.com would detect suspicious
file changes. Other things you can do to look for hacking are at:

http://securityadmin.info/faq.htm#hacked

Ways to secure IIS and Windows are at:

http://securityadmin.info/faq.htm#harden
http://securityadmin.info

Last, you might also consider running the free web server at www.apache.org,
though you'd still need to know how to secure it [and Windows, if you were
running it on Windows] properly.

"Leon Lien" <leonlien@highstream.net> wrote in message
news:evEjNc81CHA.2868@TK2MSFTNGP12...
> Forgive my ignorance, but if a hacker hack into my IIS WEB Server or any
> Windows Server thru
> internet, what would he see ? and what could he do ?
>
> I mean, can he drop to DOS and use command line to do any file damage ?
> or Can he find out where my SQL server is , and pull information out of it
?
>
> I am planning to setup a Home base WEB business, just want to have an idea
> of
> what security should I do to protect my asset.
>
> Leon Lien

• Next message: Karl Levinson [x y] mvp: "Re: ALL USERS ARE LOCKED OUT OF MY FRONTPAGE WEB SITES"
• Previous message: Atrax _: "Re: odd page when i open email"
• In reply to: Leon Lien: "Want to understand more of IIS Internet Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint