Network Security Focus-Microsoft

RE: Co-Hosting SQL with IIS FTP service

Subject: RE: Co-Hosting SQL with IIS FTP service
Date: Tue, 25 Jul 2006 20:56:15 -0400
I may have missed some contributions to this thread that aren't reflected
here, but why would you think that Chris' query implies that he is doing any
of what you suggest below? 

Laura 

-----Original Message-----
From: Steve Armstrong [mailto:stevearmstrong@logicallysecure.com] 
Sent: Tuesday, July 25, 2006 12:25 PM
To: chris.dalton@capitalonebank.com
Cc: focus-ms@securityfocus.com
Subject: RE: Co-Hosting SQL with IIS FTP service

Chris

Possibly not the best email to send from your employer's email server.
It suggests you are using MS servers with IIS and FTP enabled 
backending, I would guess "on the same box" to MS SQL.

While you will get some information about the 
vulnerabilities, most here would expect you to keep your 
bank's systems patched.  What you will get from this kind of 
forum is advice on patches to vulnerabilities that have been 
disclosed; however, you will not get info on new exploits 
(the zero-day type hackers use against the likes of banks) on 
non-publicly disclosed vulnerabilities.  

Therefore, you will not be able to prevent exploits that MS 
is still working to patch.  With a disclosure regarding your 
infrastructure on such a public forum, you should watch your 
front facing Sy barriers for increased attacks aimed 
specifically at MS architecture.  Best give the IDS/IPS and 
incident staff a nod too.  I recognise you may be double 
bluffing, but I will bet you will still get a 100% increase 
in the MS exploits thrown at your FW and internet gateways.

As to your question, try secunia.com, www.osvdb.org and good 
old www.packetstormsecurity.nl

Steve A
 

-----Original Message-----
From: chris.dalton@capitalonebank.com
[mailto:chris.dalton@capitalonebank.com]
Sent: 25 July 2006 15:42
To: focus-ms@securityfocus.com
Subject: Co-Hosting SQL with IIS FTP service

Can anyone guide me as to what type of issues with 
inter-system dependencies might arise by co hosting IIS FTP 
service with SQL?


Anyone know of any articles on the exploits?

