From: Evan Mann (emannquestinc.org)
Date: Tue May 29 2001 - 14:57:39 CDT
Is there anything against just leaving the default service stopped? I do
this on my Win2K Server machine at home. I've been reluctant to delete it
entirely in the event that I want to look around at how it is set up by
default for some reason.
From: Ben Greenbaum [mailto:bgreenbaumsecurityfocus.com]
Sent: Monday, May 28, 2001 6:38 PM
Subject: RE: Why remove default web? (was RE: IIS 5.0)
> Wouldn't another strategy be to just set the default web site to some high
> numbered port, and not allow that port through the firewall? That way,
> there is no possible way to access the default site.
That would definitely be another strategy. Many people would describe that
strategy as "bad" :) Why leave an unneeded and vulnerable service running
at all? Putting it behind a firewall helps, sure - until somebody finds a
way through or around your firewall. Then they own that box pretty much
right away. Switching the port will delay the compromise for as long as
it takes the attacker to run a port scan.
I can't think of a legit business reason for leaving it, but I suppose if
it was truly needed for some reason (?) that strategy would be better than
Director of Product Development - SIA/VulDB