Tuesday, July 7, 2009

Securing IIS 6.0 Web Server on Windows 2003

Today, web servers running on Internet Information Services (IIS) 6.0 are hugely popular worldwide, thanks largely to the .NET and AJAX revolution in web application design. Unfortunately, that popularity also makes IIS web servers a popular target amongst hacking groups, and almost every day we read about new exploits being traced out and patched. That does not mean that Windows is less secure than Linux. In fact, a steady stream of patches for the Windows platform is a good sign: it shows that vulnerabilities are being identified and closed rather than left open, but only if the patches actually get installed.
Many tools available on the Internet let an experienced or a beginner hacker identify an exploitable weakness and gain access to a web server. The two best-known attacks against IIS are:
UNICODE and CGI-Decode - the hacker needs nothing more than the browser on his or her computer to make the targeted server run commands. The request executes under the IUSR_<computername> account, also called the "anonymous account" in IIS, and malformed Unicode or double-encoded URLs are used to perform a directory traversal attack: escaping the web root to reach cmd.exe and other system files, and from there gaining further access to the system.
IPP (Internet Printing Protocol) - makes use of a buffer overflow in the ISAPI extension that handles .printer requests. The hacking application sends a crafted, over-long string that overflows the stack and opens up a window to execute custom shell code. The shell code connects CMD.EXE to a specified port on the attacker's side, and the hacker is handed a command shell with the privileges of the web server process, and with it access to the system.
Both of these are IIS 5.0-era flaws that were patched before IIS 6.0 shipped, and IIS 6.0 does not enable the Internet Printing extension unless you turn it on, but they illustrate the pattern every item below is meant to break: one bug in an optional extension or in request decoding, running under an over-privileged account, turns into full control of the server.
Secure the Operating System:
The first step is to secure the operating system that runs the web server. Ensure that Windows Server 2003 is running the latest service pack, which includes a number of key security enhancements; Service Pack 1 also added the Security Configuration Wizard, which can lock a server down to the roles it actually serves.
Always use NTFS File System:
The NTFS file system provides granular control over user permissions and lets you give users access only to what they absolutely need on a file or inside a folder; a FAT volume has no access control list at all, so every file on it is readable and writable by every process on the server. Format the system and content volumes as NTFS, and then cut the broad defaults (such as Users with Read on the whole drive) down to exactly what the anonymous account and the application pool identity need.
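The following PowerShell script is an added example of that least-privilege ACL, not code from the original post. It assumes the site content lives under C:\Inetpub\wwwroot\ExampleSite (a placeholder path) and that the server uses the default IIS 6.0 names: IUSR_<computername> for anonymous requests and the local IIS_WPG group for worker process identities.

```powershell
# Added example, not code from the original post. Assumes the site's content
# lives under C:\Inetpub\wwwroot\ExampleSite (placeholder path) and that the
# server uses the default IIS 6.0 account names: IUSR_<computername> for
# anonymous requests and the local IIS_WPG group for worker process identities.
$computer    = $env:COMPUTERNAME
$contentPath = 'C:\Inetpub\wwwroot\ExampleSite'
$uploadPath  = Join-Path $contentPath 'uploads'
$anonAccount = "$computer\IUSR_$computer"
$poolGroup   = "$computer\IIS_WPG"

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

function New-Rule($identity, $rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $rights, $inherit, $propagate, 'Allow')
}

$acl = Get-Acl -Path $contentPath
# Stop inheriting the permissive defaults from the parent (e.g. BUILTIN\Users:
# Read on the whole volume). First argument: protect from inheritance; second:
# $false discards the inherited entries instead of copying them as explicit ones.
$acl.SetAccessRuleProtection($true, $false)

# Administrators and SYSTEM keep full control so patching and backups still work.
$acl.AddAccessRule((New-Rule 'BUILTIN\Administrators' 'FullControl'))
$acl.AddAccessRule((New-Rule 'NT AUTHORITY\SYSTEM'    'FullControl'))
# Anonymous users and the worker process only need to read and list content.
$acl.AddAccessRule((New-Rule $anonAccount 'ReadAndExecute'))
$acl.AddAccessRule((New-Rule $poolGroup   'ReadAndExecute'))
Set-Acl -Path $contentPath -AclObject $acl

# If the application has a genuine upload folder, grant Modify there only, and
# set "Execute Permissions: None" on that folder in IIS so uploads cannot run.
if (Test-Path $uploadPath) {
    $uploadAcl = Get-Acl -Path $uploadPath
    $uploadAcl.AddAccessRule((New-Rule $anonAccount 'Modify'))
    Set-Acl -Path $uploadPath -AclObject $uploadAcl
}

# Verify the resulting explicit entries.
(Get-Acl -Path $contentPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

The point of breaking inheritance first is that adding rules on top of the inherited defaults changes nothing: an inherited Users:Read entry still lets every local account, including a compromised worker process from another site, read this site's configuration files.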
Remove Unwanted Applications and Services:
The more applications and services you run on a server, the larger the attack surface a potential intruder can probe, and the more code you have to keep patched. For example, if you do not need File and Printer Sharing on your shared hosting platform, disable that service.
Use Least Privileged Accounts for Service:
Run every service under the least privileged account that will work, and never under the Local System account unless the service genuinely needs it: Local System holds every right on the machine, so a compromised service running as Local System is a compromised server. Windows Server 2003 ships with the low-privilege built-in Network Service and Local Service accounts, and IIS 6.0 application pools run as Network Service by default, which has reduced the need for dedicated service accounts in many instances. Where a third-party application still needs its own account, create a local account on that server rather than using a domain account: a local account contains a breach to the single server, whereas a compromised domain service account gives the attacker a foothold on every machine that trusts it.
Rename Administrator and Disable Guest:
Ensure that the default account called Guest is disabled, even though it is a low-privilege account. The Administrator account is a favourite target for hackers, and most of the malicious scripts out there have that name hard-coded when they try to break into a vulnerable server, so rename the Administrator account to something else so that those scripts and programs fail. Note that renaming does not change the account's well-known relative identifier (RID 500), so an attacker who can enumerate accounts can still find it; renaming blunts automated scripts, and a strong password remains the real defence.
Run MBSA Scan:
This is one of the best ways to identify security issues on your servers. Download the Microsoft Baseline Security Analyzer (MBSA) and run it against the server. It reports weak or misconfigured user accounts, file and share permissions, missing patches and updates, IIS-specific misconfigurations and much more, and its command-line version (mbsacli.exe) can be scheduled so the scan runs regularly rather than once.
Latest Patches and Updates:
Ensure that the latest patches, updates and service packs have been installed for Windows itself, for IIS and for the .NET Framework. Many of these fix issues that directly affect the security of the web server, and an unpatched server is exactly what the exploit tools described above are looking for.
Permissions for Web Content:
Ensure that Script Source Access is never enabled on a web site or virtual directory. When it is enabled, users who also have Read permission can download the source of your scripts (connection strings and all), and users who also have Write permission can overwrite them. To check it, open IIS Manager, right-click the Web Sites node, select Properties, open the Home Directory tab, clear the Script Source Access check box if it is enabled, and choose to propagate the change to all child web sites; then check the Home Directory or Virtual Directory tab of any site or directory that overrides the inherited setting. In the metabase this is the AccessSource property.
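Clicking through every site and virtual directory does not scale on a shared host, so here is an added example (not code from the original post) that audits the whole metabase instead. It uses the IIS 6.0 ADSI provider (IIS://localhost/W3SVC), which is installed with IIS, and assumes it is run by a local administrator on the web server.

```powershell
# Added example, not code from the original post. Walks the IIS 6.0 metabase
# through the ADSI provider and assumes it runs as a local administrator.
function Get-IisWebDirectory {
    # Recursively yield every IIsWebVirtualDir node under $node.
    param([System.DirectoryServices.DirectoryEntry] $node)
    foreach ($child in $node.psbase.Children) {
        if ($child.psbase.SchemaClassName -eq 'IIsWebVirtualDir') { $child }
        Get-IisWebDirectory -node $child
    }
}

$w3svc = [ADSI]'IIS://localhost/W3SVC'
foreach ($dir in Get-IisWebDirectory -node $w3svc) {
    $props = $dir.psbase.Properties
    $path  = $dir.psbase.Path          # e.g. IIS://localhost/W3SVC/1/Root

    # AccessSource is the metabase name for "Script Source Access".
    if ($props['AccessSource'].Value -eq $true) {
        Write-Output "$path : Script Source Access enabled, clearing it"
        $props['AccessSource'].Value = $false
        $dir.psbase.CommitChanges()     # same effect as SetInfo()
    }

    # Write combined with Execute or Script on one directory lets a caller upload
    # a file and then run it; report it for review rather than silently change it.
    $write  = ($props['AccessWrite'].Value   -eq $true)
    $run    = ($props['AccessExecute'].Value -eq $true) -or ($props['AccessScript'].Value -eq $true)
    if ($write -and $run) {
        Write-Output "$path : Write combined with Execute/Script permissions, review this directory"
    }
}
```

The script clears AccessSource explicitly on each directory where it is in effect, so a later change to the parent cannot re-enable it through inheritance. Run it once a month alongside the MBSA scan, because a developer ticking the box on a single virtual directory is exactly the kind of drift a one-time manual check misses.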
Use Application Isolation:
I like this feature in IIS 6.0: application pools let you isolate applications from each other. By creating new application pools and assigning web sites and applications to them, each pool gets its own worker process (w3wp.exe), which makes the server more efficient and reliable because a faulty application cannot crash or slow down the sites running in other pools. The security benefit is just as important: each pool can run under its own identity, with NTFS permissions limited to that application's content, so a compromise of one site does not automatically give the attacker read or write access to every other site on the server. Keep the default pool for the default site only, and give each customer or application its own pool.
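The example below (added here, not code from the original post) creates a dedicated pool, moves a site into it, and then audits every pool's identity, which ties this section together with the service account advice above. It uses the IIS 6.0 ADSI provider and assumes the site to isolate has the metabase identifier W3SVC/1; the pool name "ExamplePool" and the account name "svc_examplepool" are placeholders.

```powershell
# Added example, not code from the original post. Uses the IIS 6.0 ADSI provider
# and assumes the site to isolate is W3SVC/1; "ExamplePool" and "svc_examplepool"
# are placeholder names.
$siteId   = 1
$poolName = 'ExamplePool'

# 1. Create a dedicated pool. AppPoolIdentityType: 0 = LocalSystem (avoid),
#    1 = LocalService, 2 = NetworkService (IIS 6.0 default), 3 = the specific
#    account named in WAMUserName/WAMUserPass (it must be a member of IIS_WPG).
$pools = [ADSI]'IIS://localhost/W3SVC/AppPools'
$pool  = $pools.Create('IIsApplicationPool', $poolName)
$pool.AppPoolIdentityType = 2
$pool.SetInfo()

# To run the pool as a dedicated local account instead, so that NTFS permissions
# can be granted to this one site only, use type 3:
#   $pool.WAMUserName = "$env:COMPUTERNAME\svc_examplepool"
#   $pool.WAMUserPass = '<password>'
#   $pool.AppPoolIdentityType = 3
#   $pool.SetInfo()

# 2. Move the site's root application into the new pool.
$app = [ADSI]"IIS://localhost/W3SVC/$siteId/Root"
$app.AppPoolId = $poolName
$app.SetInfo()

# 3. Audit every pool: anything still running as LocalSystem is a finding.
$names = @{ 0 = 'LocalSystem'; 1 = 'LocalService'; 2 = 'NetworkService'; 3 = 'specific user' }
foreach ($p in $pools.psbase.Children) {
    $type  = [int]$p.psbase.Properties['AppPoolIdentityType'].Value
    $label = $names[$type]
    if ($type -eq 3) { $label = 'user ' + $p.psbase.Properties['WAMUserName'].Value }
    $flag = ''
    if ($type -eq 0) { $flag = '  <-- LocalSystem: change this' }
    Write-Output ('{0,-25} {1}{2}' -f $p.psbase.Name, $label, $flag)
}
```

Network Service is shared by every pool that uses it, so two sites in separate pools under Network Service are isolated from each other's crashes but not from each other's files; when the sites belong to different customers, the type 3 variant with one local account per pool is what actually separates them.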
Summary
All of the IIS tips and tools above are natively available in Windows. Apply them one at a time and test the web site after each change: if you implement everything at once and something breaks, you will be left wondering which change is causing the problem.
Final tip: on your web server, run "netstat -an" (without quotes) at the command line; "netstat -ano" also shows the owning process ID, so you can match a port to a process in Task Manager. Observe how many different IP addresses are connected to your machine, mostly via port 80. If you see ESTABLISHED connections on ports you never deliberately opened, or connections that the server itself has initiated out to unknown addresses, you have already got a bit of investigating to do.
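To make that final check repeatable, here is an added example (not code from the original post) that classifies netstat output into listeners you did not expect, inbound connections per port, and connections the server itself opened. The $sample lines are constructed netstat output using documentation addresses; on a live server replace them with the real output as shown in the comment.

```powershell
# Added example, not code from the original post. $sample is constructed
# netstat output; on a live Windows Server 2003 box use:  $lines = netstat -ano
function Get-NetstatFindings {
    param([string[]] $lines, [int[]] $expectedPorts)
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)'
    $rows = @()
    foreach ($line in $lines) {
        if ($line -match $pattern) {
            # local port, foreign address, foreign port, state
            $rows += ,@([int]$matches[2], $matches[3], [int]$matches[4], $matches[5])
        }
    }
    $listening = @{}
    foreach ($r in $rows) { if ($r[3] -eq 'LISTENING') { $listening[$r[0]] = $true } }

    $findings = @()
    foreach ($port in ($listening.Keys | Sort-Object)) {
        if ($expectedPorts -notcontains $port) {
            $findings += "Unexpected listener on local port $port"
        }
    }
    $inbound = @{}
    foreach ($r in $rows) {
        if ($r[3] -ne 'ESTABLISHED') { continue }
        if ($listening.ContainsKey($r[0])) {
            if (-not $inbound.ContainsKey($r[0])) { $inbound[$r[0]] = @() }
            $inbound[$r[0]] += $r[1]
        } else {
            # The local port is not a listener, so this end opened the connection.
            $findings += ('Server-initiated connection to {0}:{1} from local port {2}' -f $r[1], $r[2], $r[0])
        }
    }
    foreach ($port in ($inbound.Keys | Sort-Object)) {
        $peers = @($inbound[$port] | Sort-Object -Unique)
        $note  = ''
        if ($expectedPorts -notcontains $port) { $note = ' on a port you did not open' }
        $findings += ('Port {0}: {1} connection(s) from {2} distinct address(es){3}' -f $port, $inbound[$port].Count, $peers.Count, $note)
    }
    $findings
}

# Constructed sample (documentation address ranges), not captured from a real server.
$sample = @(
  '  Proto  Local Address          Foreign Address        State',
  '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING',
  '  TCP    192.0.2.10:80          198.51.100.7:51322     ESTABLISHED',
  '  TCP    192.0.2.10:80          198.51.100.7:51323     ESTABLISHED',
  '  TCP    192.0.2.10:80          203.0.113.55:1182      ESTABLISHED',
  '  TCP    192.0.2.10:4444        203.0.113.99:39876     ESTABLISHED',
  '  TCP    192.0.2.10:1057        203.0.113.99:6667      ESTABLISHED',
  '  UDP    0.0.0.0:500            *:*'
)
Get-NetstatFindings -lines $sample -expectedPorts 80, 443, 3389
```

On the sample the script reports the listener on 4444, the inbound connection to it, and the connection the server opened from ephemeral port 1057 to 203.0.113.99:6667; the ordinary port 80 traffic is summarised as a count rather than flagged. The one thing netstat cannot tell you is whether a listener is legitimate, which is why the expected port list has to come from your own build documentation rather than from whatever is currently open.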
