From: Russ (Russ.CooperRC.ON.CA)
Date: Tue Jul 24 2001 - 11:08:12 CDT

    -----BEGIN PGP SIGNED MESSAGE-----

    I've completed v1.0 of SecuredIIS.vbs, a Visual Basic script:
    http://ntbugtraq.ntadvice.com/download/SecuredIIS.zip

    which, using Windows Scripting Host, implements many of the
    recommendations from the:

    Microsoft Internet Information Server 4.0 Security Checklist
    http://www.microsoft.com/technet/itsolutions/security/tools/iischk.asp

    plus additional things I felt were prudent.

    The intent of this script is that it be given to owners of, and run
    on, IIS 4.0 servers which have been installed accepting the defaults.
    It should operate identically on NT 4.0 machines which have installed
    IIS 4.0 from the NT 4.0 Option Kit using the "Typical" installation
    of NTOK.

    Machines which were upgraded from IIS 2.0 (original NT installation),
    or IIS 3.0 may have remnants left behind which we'd like to remove
    (anyone noticing anything on such machines, please drop me a note).

    The basic system used for testing here is:

    NT 4.0 (no IIS)
    NT 4.0 SP6a 128-bit
    IE 4.0 SP2 (typical)
    NT 4.0 Option Kit (typical)
    MDAC_TYP (MDAC 2.1 upgrade)
    NT 4.0 SP6a 128-bit

    This setup creates an SMTP server, FTP server, Index Server, Windows
    Scripting Host (required for the script to work, but part of a
    default installation of NTOK), and FrontPage extensions.

    The script isn't intended to ask questions or provide options. If
    someone has sufficient knowledge to know what they want, or don't
    want, from their installation then they should be reading the
    Security Checklist above or altering their installation via the NTOK
    Setup program. Those that don't know, or don't want to know, can just
    double-click on the script and know that the most common security
    configurations are being done for them.

    The script also doesn't incorporate any Hotfix checking. This will
    come as part of a (near) future version.

    Version 1.0 does the following:

    Remove FTP Services and any virtual directories
    Remove the IISADMPWD virtual web directory
    Remove all IIS Samples
    Disable FrontPage on the Default Web Site
    Remove SMTP Services and any virtual directories
    Disable Parent Paths
    Remove Script Mappings for:
     .cer
     .cdx
     .htr
     .htw
     .ida
     .idc
     .idq
     .stm
     .shtm
     .shtml
    Remove SMTP Service
    Remove FTP Service
    Remove RDS Registry keys
    Set Jet ODBC to safe Sandbox mode
    Disable automatic NetBIOS shares
    Disable 8.3 DOS file generation
    Remove the Optional, OS/2 and Posix subsystems
    Hides the last logon name
    Establishes a logon notice
    Removes the Shutdown button from Logon dialog
    Restricts Anonymous access
    Deletes physical directories associated with:
     SMTP Service
     FTP Service
     IIS Samples
     IIS Password Change directory

    This version is being offered up for testing purposes only. Please be
    aware that there is no option to stop the process once it has been
    started.

    Suggestions, additions, comments should be sent to
    Russ.Cooperrc.on.ca. Some remnants of the SMTP and FTP service
    remain after running the script, primarily in the Content Index
    Service. I'm still checking into how best to handle this (or whether
    it's a problem at all).

    I'm currently working on v2.0, which will incorporate support for Windows
    2000.

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

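
A read-only check for the "Remove Script Mappings" step listed in the message, as an added example that is not part of the original post and is not code from SecuredIIS.vbs. It assumes the IIS ADSI provider (`IIS://localhost/W3SVC`) and its `ScriptMaps` property are available; when they are not, it falls back to a constructed sample so the logic can still be run under Windows Scripting Host with `cscript`.

```vbscript
' Added example: read-only audit, makes no changes to the metabase.
Option Explicit

' Extensions the post lists under "Remove Script Mappings for".
Const LISTED = ".cer .cdx .htr .htw .ida .idc .idq .stm .shtm .shtml"

' Returns the ScriptMaps entries whose extension appears in LISTED.
' Each entry is a string of the form "<ext>,<handler path>,<flags>[,<verbs>]".
Function FlaggedMappings(entries)
    Dim entry, ext, result
    result = ""
    For Each entry In entries
        If Len(Trim(entry)) > 0 Then
            ' Compare case-insensitively; the extension is the first field.
            ext = LCase(Trim(Split(entry, ",")(0)))
            If InStr(" " & LISTED & " ", " " & ext & " ") > 0 Then
                result = result & "  " & entry & vbCrLf
            End If
        End If
    Next
    FlaggedMappings = result
End Function

Dim svc, maps, source, hits
On Error Resume Next
Set svc = GetObject("IIS://localhost/W3SVC")   ' service-level node only
maps = svc.ScriptMaps
If Err.Number <> 0 Then
    ' No IIS ADSI provider here: use constructed sample entries instead.
    Err.Clear
    source = "constructed sample"
    maps = Array( _
        ".asp,C:\WINNT\System32\inetsrv\asp.dll,1", _
        ".htr,C:\WINNT\System32\inetsrv\ism.dll,1", _
        ".IDA,C:\WINNT\System32\idq.dll,0", _
        ".shtml,C:\WINNT\System32\inetsrv\ssinc.dll,1")
Else
    source = "IIS://localhost/W3SVC"
End If
On Error GoTo 0

hits = FlaggedMappings(maps)
WScript.Echo "Source: " & source
If Len(hits) = 0 Then
    WScript.Echo "None of the listed script mappings are present."
Else
    WScript.Echo "Listed script mappings still present:" & vbCrLf & hits
End If
```

Only the service-level node is read; a site or virtual directory that defines its own ScriptMaps would need the same check run against its metabase path.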
