Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

from [Gareth Humphries] Network Security [Permanent Link]
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on them?
Date: Thu, 21 Jul 2005 12:24:58 +1200 
Harlan, et al:

I think the points most people are making here can be summed in a
simple scenario:

 - 2 companies install webservers - both use identical OS's and IIs
versions.  Both folow all a dilliegent process of securing the box, such
that IIS is the only service running, port 80 is the only port open. 
They both follow an identical, very thorough process, except that 1
installs AV software, the other doesn't.
 - An exploit is discovered and disclosed in IIS before MS have a
chance to patch.  Lets say a buffer overflow in the "content:" tag. 
Unlikely and simplistic, but quite suitable for our purposes.  (the
point being, you can't trust 3rd party software)
 - Some black-hat kiddie finds the exploit code, wraps a stock rootkit
up in it, and sends it into the wild.
 - It hits both of our theortical organisations webservers, and
exploits successfully on both of them.
 - The webserver with AV software detects the rootkit, and cleans the
file/notifies the admin/whatever.
 - What happens to the system without AV software is left as an
exercise for the reader (clue:  0wnAg3)

Not an unlikely scenario, I'm sure you'll agree.

No amount of lock-down can protect you from a vulnerability in the
service you are deliberatey exposing - AV software can.  Not all the
time, granted, but sometimes.  And sometimes is a hell of a lot better
than never in my books.



Gareth Humphries
IT Specialist
IBM New Zealand Ltd

______________________________________________________________________________________________________

This message contains information, which is confidential and may be subject to 
legal privilege. 
If you are not the intended recipient, you must not peruse, use, disseminate, 
distribute or copy this message.
If you have received this message in error, please notify us immediately (Phone 
0800 665 463  or info@linz.govt.nz) and destroy the original message.
LINZ accepts no responsibility for changes to this email, or for any 
attachments, after its transmission from LINZ.

Thank you.

______________________________________________________________________________________________________

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Gareth Humphries <=
Previous by Date:  RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Brady McClenon
Next by Date:  RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?, Altheide, Cory B. (IARC)
Previous by Thread:  RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?, Brunner, Mark
Next by Thread:  RE: Peter Gutmann data deletion theaory?, Jeremy Epstein
Indexes:  [Date] [Thread] [Top] [All Lists]