Arizona State University
Windows Networking User Group

Meeting Notes for April 1, 2004

    Announcements
    SMS 2003 project is happening. If anyone is interested in participating, send a note to Cecilia. She will add you to the distribution list. Tyler Farmer, from Microsoft, will be coming in around the first part of May to help us do an installation. Russ will provide servers and an area for this installation.

    May meeting will be presented by Cisco covering IPv6.

    IIS Security Presentation by Jeni Li
    Common types of attacks against web servers
    - Directory traversal

    • Code Blue
    • Effects
      • unauthorized file access
      • execution of command line commands
    - Buffer overflows
    • Effects
      • denial of service
    - Preprocessor exploits
    • CodeRed
    • Effects
      • denial of service
    - Application exploits
    • check logs for abnormal requests for executables (ones your application does not actually use)
    • REMOVE all sample applications that come with any web server
      • especially items in the /iisadmin and /MSADC directories

    Harden the OS
    - Use Gold Standard or similar templates
    - Remove any unnecessary services (such as a mail service or FTP)
    - Keep the system patched
    - Keep the web service itself trimmed
    • eliminate unnecessary mappings
    • remove sample applications
    - Restrict file and URL access
    • only allow known good extensions
    • resolve (canonicalize) URLs completely, then filter them
    - Hide what you can from the public view
    • eliminate the Server header
    • modify or eliminate the Content-Location header
    • bind the web service to the FQDN
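    The "restrict file and URL access" steps above (allow only known-good extensions; resolve URLs completely, then filter them) are shown below as an added example written for these notes; it is not IIS, URLScan or any Microsoft code, and the extension allowlist and the function names (fully_decode, canonicalize, check_request) are made up for the illustration. The point it demonstrates is ordering: every layer of percent-encoding is stripped before any check runs, so a traversal hidden as %2e%2e%2f or double-encoded as %252e%252e%252f is seen for what it is, and overlong UTF-8 such as %c0%af (the encoding the Unicode-traversal worms relied on) is rejected because it never decodes cleanly.

```python
"""Canonicalize-then-filter for requested URL paths.

Added example for the WNUG notes; not IIS, URLScan or any Microsoft code.
"""
from posixpath import splitext
from urllib.parse import unquote

# Constructed allowlist of "known good" extensions for a hypothetical site.
# "" admits directory requests such as "/", which IIS serves via the default
# document.
ALLOWED_EXTENSIONS = {"", ".htm", ".html", ".asp", ".css", ".js", ".gif", ".jpg", ".png"}


def fully_decode(path, max_rounds=5):
    """Percent-decode until the string stops changing (a fixed point).

    errors="strict" makes malformed or overlong UTF-8 raise instead of being
    silently replaced, which is exactly what a filter wants.
    """
    for _ in range(max_rounds):
        decoded = unquote(path, errors="strict")
        if decoded == path:
            return path
        path = decoded
    raise ValueError("path did not stabilise after repeated decoding")


def canonicalize(raw_path):
    """Return the resolved absolute path, or raise ValueError if it is unsafe."""
    stem = raw_path.split("?", 1)[0]          # the query string is not part of the path
    try:
        path = fully_decode(stem)
    except UnicodeDecodeError:
        raise ValueError("malformed or overlong UTF-8 in path") from None
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = path.replace("\\", "/")            # IIS treats backslash as a separator
    parts = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not parts:                     # ".." with nothing left to pop
                raise ValueError("traversal above web root")
            parts.pop()
        else:
            parts.append(segment)
    return "/" + "/".join(parts)


def check_request(raw_path):
    """Decide whether a request path may be served.

    Returns (True, canonical_path) or (False, reason). The extension check is
    applied to the fully resolved path, never to the raw request.
    """
    try:
        path = canonicalize(raw_path)
    except ValueError as exc:
        return False, str(exc)
    ext = splitext(path)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext} not in allowlist: {path}"
    return True, path


if __name__ == "__main__":
    for probe in ("/default.asp",
                  "/docs/../about.htm",
                  "/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir",
                  "/scripts/..%c0%af../winnt/system32/cmd.exe",
                  "/cgi-bin/test.exe"):
        print(probe, "->", check_request(probe))
```

    Note the two different rejection paths: the double-encoded request is refused because resolving it walks above the web root, while the overlong-UTF-8 request never gets that far because strict decoding refuses it. A filter that compared the raw string against ".." would have passed both.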

    Be aware of general abnormalities with your web server
    - spikes in disk usage
    - unexpected or unusual traffic
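    The two log-review points in these notes, checking logs for requests for executables the application does not use (from the application-exploits list above) and watching for unusual traffic, are combined in the following added example. It is written for these notes and is not Microsoft tooling; the field names are the real IIS W3C extended-log names, but the log excerpt, hosts, paths, timestamps, the application's executable allowlist and the thresholds are all constructed for the illustration.

```python
"""Scan IIS W3C extended log lines for two abnormalities: requests for
executables the application does not use, and unusual request volume.

Added example for the WNUG notes; not Microsoft code. The log below is a
constructed sample in IIS W3C extended format.
"""
from collections import Counter
from posixpath import splitext
from statistics import median

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2004-04-01 09:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-04-01 09:00:01 10.0.0.5 GET /default.asp - 200
2004-04-01 09:00:02 10.0.0.5 GET /images/logo.gif - 200
2004-04-01 09:00:09 10.0.0.7 POST /app/upload.exe - 200
2004-04-01 09:01:11 10.0.0.5 GET /products.asp id=7 200
2004-04-01 09:01:40 10.0.0.8 GET /default.asp - 200
2004-04-01 09:02:05 10.0.0.8 GET /about.htm - 200
2004-04-01 09:02:30 10.0.0.7 GET /app/upload.exe - 200
2004-04-01 09:03:01 10.0.0.9 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe /c+dir 404
2004-04-01 09:03:01 10.0.0.9 GET /msadc/..%255c..%255cwinnt/system32/cmd.exe /c+dir 404
2004-04-01 09:03:02 10.0.0.9 GET /cgi-bin/test.exe - 404
2004-04-01 09:03:02 10.0.0.9 GET /iisadmin/default.asp - 404
2004-04-01 09:03:03 10.0.0.9 GET /_vti_bin/shtml.dll - 404
2004-04-01 09:03:03 10.0.0.9 GET /scripts/root.exe /c+dir 404
2004-04-01 09:03:04 10.0.0.9 GET /default.ida XXXX 404
2004-04-01 09:03:04 10.0.0.9 GET /MSADC/root.exe /c+dir 404
2004-04-01 09:03:05 10.0.0.9 GET /c/winnt/system32/cmd.exe /c+dir 404
"""

EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".bat", ".cmd", ".com"}
# Executables the hypothetical application really does serve or invoke
# (lower-case, because the comparison below lower-cases the request).
APP_EXECUTABLES = {"/app/upload.exe"}


def parse_w3c(text):
    """Parse W3C extended log text into a list of dicts keyed by field name."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue                          # directives and blank lines
        elif fields:
            values = line.split()
            if len(values) == len(fields):    # skip truncated lines
                entries.append(dict(zip(fields, values)))
    return entries


def unexpected_executables(entries):
    """(c-ip, cs-uri-stem) for every request that targets an executable
    outside the application's own set, whatever the status code."""
    hits = []
    for e in entries:
        stem = e["cs-uri-stem"].lower()
        if splitext(stem)[1] in EXECUTABLE_EXTENSIONS and stem not in APP_EXECUTABLES:
            hits.append((e["c-ip"], e["cs-uri-stem"]))
    return hits


def busiest_clients(entries, threshold):
    """Clients that made at least `threshold` requests, busiest first."""
    counts = Counter(e["c-ip"] for e in entries)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def minute_spikes(entries, factor=3.0):
    """Minutes whose request count exceeds `factor` times the median minute."""
    per_minute = Counter(f"{e['date']} {e['time'][:5]}" for e in entries)
    baseline = median(per_minute.values())
    return [(m, n) for m, n in sorted(per_minute.items()) if n > factor * baseline]


if __name__ == "__main__":
    log = parse_w3c(SAMPLE_LOG)
    for ip, stem in unexpected_executables(log):
        print("unexpected executable:", ip, stem)
    print("busy clients:", busiest_clients(log, 5))
    print("spikes:", minute_spikes(log))
```

    The executable check deliberately ignores the status code: a burst of 404s for cmd.exe and root.exe is exactly the scan pattern the notes describe, and the one client producing it also shows up in both volume checks. On a real server the same functions run over the day's log file from the IIS log directory instead of the embedded sample.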

    Tools for Securing IIS
    - Security Configuration and Analysis snap-in
    • add as a snap-in to MMC
    • select template(s) to use
    • scans the computer based on the template(s) used
    • configure the templates
    • save the templates and reuse them to configure other computers
    - good templates from NSA, NIST and Center for Internet Security (www.cisecurity.org)
    - IIS Lockdown Wizard
    • www.microsoft.com/technet/security/tools/locktool/mspx
    • always view the template settings that have been assigned to a role (just to be safe, before arbitrarily assigning a role to a service)
    • script maps - disable support for selected script maps
    • install the URLScan filter on the server
    - URLScan
    • can be configured to keep a log of the error messages it encounters - very detailed and very helpful

    IIS 6
    - Better security & performance
    • not installed by default (installation can be disabled by Group Policy)
    • specify what to install
    • does not run in the System context; worker processes run as the restricted NetworkService account instead
    - Upgrade issues
    • check permissions settings
    • Web service disabled on upgrade
    • recommend a new install rather than an upgrade
    - Gotchas
    • Windows Server 2003 Web Edition is limited; better to get Standard Edition
    • remote admin has multiple vulnerabilities already
    • inetinfo.exe

    Microsoft Operations Manager (MOM) 2005
    Allen Abrahamson, Principal Systems Engineer with the National Technology Team
    - msi package for improved installation
    - improved setup and configuration
    - standard MMC interface
    - console operator view
    - enterprise configuration which can handle complex topologies
    - target delivery schedule - no firm date
    - increased event/performance management
    - agentless monitoring
    - rolling upgrades - can manage/monitor during the upgrade so there is no downtime for management
    - use the prerequisite checker to help ensure a successful install
    - Computer Discovery Wizard has improved: can restrict to forest and domain level (not sure about OU level); can also restrict by subnet
    - Tivoli certified
    - Free knowledge base built in for all Microsoft Products beginning with 2003
    - System Center Suite (next version) to combine MOM and SMS. App Center is end of life.
    - Schedule ahead of time for planned outages
    - Schedule recurring maintenance windows
    - Reporting based on SQL reporting services
    - Question: Can MOM do computer discovery at the OU level? Allen will find out. Russ will email him to obtain the answer.
    - aabraham@microsoft.com


  Updated February 8th, 2005