Re: URLScan and Hacking

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/21/03

    Date: Sat, 21 Jun 2003 00:17:06 -0700
    
    

    I'm not certain how one comes to the conclusion that URLScan "announces" its
    presence. The only thing it does is reject requests with the same 404
    response that IIS would have used. From a hacker's perspective, since they
    know *nothing* about what's on a given system a priori, they can't tell
    whether the 404 is "security induced" or not. Of course, they can do some
    behavior matching and possibly *guess* that URLScan is installed, but so
    what?

    I'd think that if URLScan's presence alters hacker mentality, it'd be to
    deter them. Suppose that URLScan "announces" its presence in some manner as
    determined by the hacker. If I was the hacker, I'd target those that show
    no signs of URLScan because it's likely to be unmanaged and unpatched (owner
    did not care enough to even put the basic free security tools onto the
    server).

    In these days of script automation, it's cheap for an attack to be
    indiscriminate. So, arguments of "Security through Obscurity" simply will
    not work. You'll get targeted regardless of whether you have URLScan
    "announcing" its presence, so the only safe thing to do is to manage your
    servers and stay up to date. The only way to gain this peace of mind is...
    to be actually secure.

    -- 
    //David
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "jim" <tjnaz2001@yahoo.com> wrote in message
    news:062d01c336a9$72503d60$a101280a@phx.gbl...
    Hello,
    We're running IISLockDown and URLScan in our web hosting
    center. A co-worker asked about the risk of URLScan
    announcing its presence. My boss feels that since it can
    announce its presence, it invites us to be hacked more
    often. I feel that it has the opposite effect. Similar to
    seeing a "Beware of Dog" sign and seeing a big dog with
    teeth. You can get in but it will not be easy.
    Has anyone seen an increase in their servers being hacked
    since installing these 2 utilities? Has anyone had their
    machine hacked at all since installing these 2 utilities?
    I appreciate any input.
    Cheers.
    
