Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Co-Hosting SQL with IIS FTP service

from [Phil Waller] Network Security [Permanent Link]
Subject: RE: Co-Hosting SQL with IIS FTP service
Date: Tue, 25 Jul 2006 17:24:44 +0100 
I would split those services if at all possible

I dont have any data to hand to backup this claim up, but i would suggest that 
this is a common sense approach?

Patches may become an issue - you may need to have a SQL box providing 24 x 7 x 
365 
You then need to patch the IIS component, and a reboot is needed, down goes SQL
You really want to reduce the attack surface of your systems, you wouldn't open 
up any SQL listeners to the whole world, but you would in an indirect way i 
assume if you use IIS FTP, [compromise FTP - stage an attack on the SQL 
service?]
Also what about data storage - FTP can if unechecked start to fill up disk 
space - if your SQL server is mission critical it could possib;y impact on this?

I wouldn't if i could help it - 

Others may disagree






-----Original Message-----
From: chris.dalton@capitalonebank.com
[mailto:chris.dalton@capitalonebank.com]
Sent: 25 July 2006 15:42
To: focus-ms@securityfocus.com
Subject: Co-Hosting SQL with IIS FTP service


Can anyone guide me as to what type of issues with inter-system dependencies 
might arise by co hosting IIS FTP service with SQL?

Anyone know of any articles on the exploits?

---------------------------------------------------------------------------

---------------------------------------------------------------------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Co-Hosting SQL with IIS FTP service, chris . dalton
Next by Date:  RE: Co-Hosting SQL with IIS FTP service, Steve Armstrong
Previous by Thread:  Co-Hosting SQL with IIS FTP service, chris . dalton
Next by Thread:  RE: Co-Hosting SQL with IIS FTP service, Steve Armstrong
Indexes:  [Date] [Thread] [Top] [All Lists]