Re: Experts Only reply..Very risky security question..Experts invited

From: Landy Compton (lcompton_at_vertexconsult.com)
Date: 01/07/04


Date: Wed, 7 Jan 2004 06:01:18 -0800

On the PIX use IP Audit to drop any connections it deems an attack and port map port 80 to the Windows box so that only web traffic can get to the machine. Or you can filter any unwanted traffic with your access rules on the PIX if you are using a static map. DO NOT USE A STATIC MAP ON THE PIX IF YOU SET UP YOUR ACL TO ALLOW TCP ANY AND ARE TRYING TO CONTROL TRAFFIC WITH YOUR CONDUITS. WHEN YOU USE THIS METHOD IT PUTS YOUR MACHINE ON THE INTERNET WIDE OPEN TO ANY ATTACK ON ANY PORT THAT IS LISTENING ON THE IIS MACHINE. You can grab the PIX admin guide at Barnes & Noble and it will explain IP Audit and IP Port Map in detail.

At this point you will then need to make sure IIS is patched and there are no write capabilities to the root directory on each site.
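As an added illustration that is not part of the original reply, here is the PIX 6.x combination the poster warns against (1:1 static plus an ACL permitting TCP any, with conduits expected to do the filtering) beside the port-mapped form he recommends, with the IP Audit policy that drops attack traffic. The addresses 203.0.113.10 and 192.168.1.10, the ACL name outside_in and the policy name attack_policy are made-up placeholders, and the `!` comment lines are annotations only.

```text
! --- WEAK: 1:1 static plus "permit tcp any any" on the outside ACL.
! --- Every port listening on the IIS host (80 plus whatever else Windows
! --- has open) is reachable from the Internet. The conduit below never
! --- filters anything: an access-group bound to an interface overrides
! --- conduits for that interface on PIX 6.x.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any any
access-group outside_in in interface outside
conduit permit tcp host 203.0.113.10 eq www any

! --- CORRECTED: port-level static (the "IP Port Map" the reply refers to)
! --- translates only TCP/80, and the ACL admits only web traffic to that
! --- one global address. The stale conduit is removed so the ACL is the
! --- single place the policy lives.
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
no conduit permit tcp host 203.0.113.10 eq www any

! --- IP Audit: alarm on, drop and reset any connection that matches the
! --- attack signature class, applied to the outside interface.
ip audit name attack_policy attack action alarm drop reset
ip audit interface outside attack_policy
```

Verify the result with `show access-list` (hit counts should only accrue on the port-80 entry) and `show ip audit count` before trusting the host to the Internet, and keep the IIS patching and read-only web root from the reply as the second layer.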