Subject: MS LoopBack Adapter
From: Eric Bradway (Eric_BradwayBCBST.COM)
Date: Tue Jun 06 2000 - 10:16:16 CDT


I have been putting together some guidelines for my company to use in securing NT and IIS for an internet web server. I have tried to consolidate information I've gleaned from the Microsoft IIS 4.0 Security Checklist and the SecurityFocus 'Securing IIS' document with a few other single sources (RFP9907, et al.).

However, there are a few inconsistencies between the Microsoft document and the SecurityFocus document. In particular, Microsoft recommends leaving the Server or the Workstation service running and SecurityFocus recommends taking them both out. From personal experience, I've found that NT seems to operate better (with fewer incompatibilities) if you leave the Server and/or Workstation services in place.

To compensate for the vulnerability, I install the MS LoopBack Adapter on a separate subnet (we use a 10.X subnet on the LAN and DMZ and I put the LoopBack Adapter on a 192.168.X subnet) and disable the WINS from the external adapter.

Theoretically, this should allow NT to keep its beloved Server and Workstation processes and remove any external vulnerabilities. Does anyone have any information to the contrary?

Eric Bradway, Web Architect
BlueCross BlueShield of Tennessee

