|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
re: Patched IIS/frontpage host compromised 7-1-2003
From: Harlan Carvey (keydet89
yahoo.com)
Date: Wed Jul 16 2003 - 06:22:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
April,
> I'm an exceptionally unhappy admin (and perhaps a
little
> embarassed as well). At this point I'm assuming
it's
> impossible to adequately secure IIS server with
> Frontpage extensions?
I'm sure you're unhappy, but I'm more than a little
concerned that given your certs:
> April Johnson (CISSP, CCNP, MCSE)
...you're going to format the box w/o ever determining
how the box was compromised. You made several
statements in your post regarding what you found, but
there is nothing at all to indicate that the avenue of
infection was IIS w/ FrontPage extensions. You never
made mention of reviewing the IIS logs or any other
data on the system.
As a CISSP, you should be very well aware that
formatting and reinstalling a box w/o determining how
it was broken into could easily lead to the box being
re-compromised when you stand it up again.
I'd like to assist you w/ this, but it's likely you've
already formatted the box by now...
Harlan
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]