Re: Domain Account used for IIS6 Anonymous Account Risks?
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 22 Mar 2009 20:56:27 +1100
Hi,
In general there aren't any "known" vulnerabilities in Windows, IIS or probably your application that haven't been patched. But that said, there are always vulnerabilities coming up. Or alternatively someone may be able to guess a password, or something might be misconfigured, or someone who has internal access (e.g. an employee) might take advantage of their knowledge, or whatever.
As the purchaser, you're entitled to ask "why" the application needs to be configured this way. Generally an application that needs to connect to a database might need "datareader" and "datawriter" permissions to the actual database (and execute permissions on stored procedures). Possibly it might even need DBO (database owner) permissions on a single database. but unless the vendor can explain why the application needs Administrator privileges, your answer should be that your security policy calls for least privilege, and the vendor should tell you what the actual privileges required of the application are.
Cheers
Ken
"gdknox" <gdknox@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:74E0EDF2-F3DD-44AB-9FA4-EE242B531269@xxxxxxxxxxxxxxxx
Ken...
Thank you for your comment. Can you direct me to where I can obtain further
information, examples of exploitation? Horror stories and etc?
This is definately not my idea of a secure transaction enviroment, but I am
losing the battle with the vendor, who says that this is the "only" way their
application will run.
"Ken Schaefer" wrote:
Well the most obvious risk is that IIS knows the password for the xyzweb
account. If someone can get IIS to execute arbitrary code (e.g. by uploading
some of their own webpages) then IIS can connect to serverB using the
domain\xyzweb account, and that account has full privileges on serverB
Cheers
Ken
"gdknox" <gdknox@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0848C043-E0CE-4913-92B6-905CE66FB6E2@xxxxxxxxxxxxxxxx
> Here is the situation:
>
> Two servers: ServerA is a IIS6 server
> ServerB is a application server with a DB
>
> ServerA sits in public IP space, ServerB is in private with an access > list
> on a router allowing the two to communicate.
>
>
> ServerA is using a domain user account say “xyzweb” for the IIS > Anonymous
> user and has no elevated rights on this server.
>
> ServerB has this same domain account “xyzweb” in its local admin group.
>
>
> When joe-public accesses ServerA the anon account “xyzweb” accesses > data
> records from ServerB. Now this access is being done with com objects > or
> something of the sort.
>
> Knowing all of this and knowing that as far as the application vendor,
> this
> is the only way it will work….lets discuss risks:
>
> Any comments are most appreciated.
- References:
- Domain Account used for IIS6 Anonymous Account Risks?
- From: gdknox
- Re: Domain Account used for IIS6 Anonymous Account Risks?
- From: Ken Schaefer
- Re: Domain Account used for IIS6 Anonymous Account Risks?
- From: gdknox
- Domain Account used for IIS6 Anonymous Account Risks?
- Prev by Date: Re: iis 6 ssl redirect initial login encrypted?
- Next by Date: Failed to acquire the cryptographic context: 0x8009000f
- Previous by thread: Re: Domain Account used for IIS6 Anonymous Account Risks?
- Next by thread: SSL implenmentation in the IIS
- Index(es):
Relevant Pages
|
