Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Should webservers, eg. IIS 6 have anti--virus installed on them?

from [macleonard Starkey] Network Security [Permanent Link]
Subject: Re: Should webservers, eg. IIS 6 have anti--virus installed on them?
Date: Tue, 19 Jul 2005 09:00:46 +1000 
Should IIS have anti-virus installed on them. I know I would do it for a
fileserver but for IIS, I rather lock  it down.


Given that  IIS Servers are often externally facing, I would suggest
that AV software should be considered a higher priority for these
machines.

I often see IIS boxes compromised through vulnerable services, poor
coding or inadvertent misconfiguration.  Once compromised, the
attackers will install an ftp server, install a rootkit to hide their
warez/toolz, and probably use your box to scan other systems,
participate in a botnet, host phishing sites etc.

Of these, only the initial exploit code can really be considered, in
and of itself, malicious.  but AV software will often pick up the ftp
server, the rootkit (prior to installation) the vuln scanner, and if
you are lucky, maybe the phishing kit as well.

AV software on your IIS box can mean the difference between you
finding the above tools, and a CERT team asking you to remove them.

Some guidance is available on this subject from Microsoft:

Antivirus Defense in Depth Guide:
http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx

Windows Server 2003 Security Guide (CH 8):
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Delgado, Jacob M.
Next by Date:  RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Floyd Russell
Previous by Thread:  Re: Should webservers, eg. IIS 6 have anti--virus installed on them?, Michael Silk
Next by Thread:  SecurityFocus Microsoft Newsletter #247, Marc Fossi
Indexes:  [Date] [Thread] [Top] [All Lists]