Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Auditing microsoft IIS 5/6.0

from [rajat swarup] Network Security [Permanent Link]
Subject: Re: Auditing microsoft IIS 5/6.0
Date: Wed, 29 Aug 2007 09:46:04 -0700 
On 8/28/07, Nikhil Wagholikar <visitnikhil@gmail.com> wrote:

Following are few things that needs to be checked when auditing
Microsoft IIS 5.0/6.0:

1. Use of NTFS file-system.
2. Review IIS and related Directory Permissions - By default Microsoft
OS gives Everyone full control.
3. Review access control for the 'IUSR_computername' account.
4. NTFS permissions on network connected drives (if any).
5. Users in Administrator's group. Review important and critical
accounts regularly. Delete unused accounts immediately.
6. Review correct set of Auditing and logging are enabled or not.
7. Assigning least level of permissions to browse internet.
8. Backing up critical files/folders/registry settings regularly.
9. Review security checks on base OS like Virus/ Trojans etc regularly.
10. Using most secured form of Authentication as possible.
11. Check for physical security of the Web server, like logical
access, biometric authentication etc.
12. Review password protection of screen saver. Define appropriate lockout 
time.
13. Check whether all the logs are reviewed regularly, preferably with
powerful log analyzers like Microsoft Log Parser (or any other
suitably).

More Information about auditing IIS, kindly refer:

1. IIS 5.0 Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fskrasavi.ds.uiuc.edu%2FInfo%2FIIS%25205.0%2520checklist.pdf&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNF55KdOvcxWaEJ9gB4fhGy2lrmCrQ&sig2=e14zk0XWUErdtzT1WzdLFw
2. IIS Security Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=3&url=http%3A%2F%2Fwww.microsoft.com%2Fwindows%2Fwindows2000%2Fen%2Fserver%2Fiis%2Fhtm%2Fcore%2Fiisckl.htm&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNFhUW9s2QxMNW4w5OD4QcdhNf5_AQ&sig2=SSKRAn-rqCasUTCfZQLaWA
3. IIS Security Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=5&url=http%3A%2F%2Fwww.washington.edu%2Fcomputing%2Fsupport%2Fwindows%2FUWdomains%2FIISsecchecklist.html&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNFn4znBB2z-6sRYuYqsXTzTl_QUeg&sig2=mreulkLwaKDCdLN5h9mF3g
4. Checklist Securing Web Server:
http://www.google.co.in/url?sa=t&ct=res&cd=7&url=http%3A%2F%2Fmsdn2.microsoft.com%2Fen-us%2Flibrary%2Faa302351.aspx&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNEypyGH2h70wOuvvv1Ibe5mPbo1rQ&sig2=OJKBmeTS_MUB2chHwFvC7A




I also prefer to run locally or remotely Microsoft Baseline Security
Analyzer with the latest catalog file from
http://go.microsoft.com/fwlink/?LinkId=76054 using the following
options (that I got from MS Exchange blog):

mbsacli.exe /nd /nai /nvc /wi /catalog <path>\wsusscn2.cab /listfile
<path>\servers.txt
    /nd: To avoid any download from the Internet
    /nai: To avoid WUA updates on the workstation that run MBSA, but
also on remote servers.
    /nvc: To avoid check for new version of MBSA
    /wi: Permit to display all updates, even ones rejected by the WSUS
server. Particularly useful for Exchange admin not allowed binding
against SUS server.
    /catalog:<path>\wsusscn2.cab
    /listfile <path>\servers.txt : The servers.txt file contains
NetBIOS name or FQDN name list in column of all servers to be scanned.

This can find a whole bunch of patch related issues + the use of
restricted browsing etc on remote hosts.

HTH,
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Pen Test success rate, James Kelly
Next by Date:  RE: Fast UDP scan, Henderson, Dennis K.
Previous by Thread:  RE: Penetration tester or Ethical hacker future?, Paul Melson
Next by Thread:  Re: Auditing microsoft IIS 5/6.0, Slim Pickens
Indexes:  [Date] [Thread] [Top] [All Lists]