> Can someone enlighten me as to the security risks involved
> with each and the pros vs cons? Would it be possible for
> someone to maliciously execute a "FORMAT" of the server hard
> drive using any of the above options?
Conceivably, any rights that the CF server has could be used by someone who
can write or modify a CF script on the server. So, yes, if the CF server was
running in the local system security context, and someone put a script on
the server which used CFEXECUTE to format the hard drive, it would execute.
Fortunately for you, it's unlikely that anyone would do that. Unfortunately,
they'd instead use it to monkey around with your system in less noticeable,
but more useful (for them) ways. They might create new user accounts, or run
the FTP client to install L0phtcrack, or who-knows-what.
There are several approaches to this problem. One is to limit the scope of
the CF server's rights. You can do this by creating a user account for the
CF service with limited rights. There is an Allaire paper on this topic, I
think. Another is to use NT ACLs to prevent users from having rights to
modify scripts. Of course, there will always be some user account which can
modify scripts, so if that account is compromised, you're back to square
one.
The best steps you can take to prevent bad things from happening are:
1. Validate ALL stuff from the browser! Form fields, URL variables, cookies,
etc. Don't use any of these without making sure there's nothing bad in them
first.
2. Shield the CF server as best you can. Your web server shouldn't run any
services which increase its network vulnerability, such as FTP, telnet, etc.
It shouldn't run any services which aren't needed, either. Follow the
guidelines available from Microsoft, if you're running IIS, for configuring
your web server. Install only what you need. If you don't know what that is,
find someone who does.
3. Set up the ACLs, user accounts, and rights properly. If you don't know
how this should be done, get a professional - most experienced MCSEs will do
fine - to do it for you. A good source for learning about this is Steve
Sutton's book, "Windows NT Security Guide". He's also posted a useful
summary of that stuff at http://www.trustedsystems.com/.
4. Delete ALL sample code, datasources, default accounts, etc., that
installing NT, IIS, CF, or anything else you use might create. There are all
kinds of things that fall into this category. For example, many backup
software packages create a user account with backup operator rights, then
write the account info to a text file on the root of the system drive.
5. Follow the security lists pretty closely. If you're running NT, you
should be subscribed to the Microsoft Security Bulletin
(http://www.microsoft.com/security/), NTBugTraq
(http://ntbugtraq.ntadvice.com/ I think), and the ISS NT security list
(http://www.iss.com/), for starters. Of course, you're never done with this;
it's a constant process.
6. Back up early and often, check the reliability and validity of your
backups, and make sure you're storing enough archived data so that you can
roll back to before your systems were compromised.
7. Check your event logs often, and make sure you're auditing important
events: logons/logoffs, user right changes, etc.
8. If you're on an intranet, educate your users so that they don't reveal
their passwords or do other silly things.
9. Monitor your network using intrusion detection systems.
10. Make sure that your servers and networks are physically secure. It's
ludicrously easy to gain access to many corporate networks with a pair of
blue overalls, a toolbox, and a wad of chewing tobacco.
Note that this is a short list. There's a lot more. I think I covered most
of the big ones, but I'm sure someone else will point out any I've missed.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
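The CFEXECUTE risk described in the reply above is easiest to manage if you know where the tag is used and whether browser-supplied data reaches it. The following scanner is an added example, not code from the original post or from Allaire; it walks a set of CFML sources (constructed sample pages here, standing in for files under a CF web root) and reports every cfexecute tag, flagging those whose attributes reference the form, url or cookie scopes.

```python
import re

# Constructed sample CFML pages, standing in for files under a CF web root
# (not from the original post).
SAMPLE_FILES = {
    "reports/export.cfm":
        '<cfexecute name="c:\\tools\\export.exe" arguments="#form.name#.csv" timeout="30">'
        '</cfexecute>\n',
    "admin/ping.cfm":
        '<cfparam name="url.host" type="string">\n'
        '<CFEXECUTE name="ping.exe" arguments="-n 1 #url.host#" timeout="10" />\n',
    "index.cfm":
        '<cfoutput>Hello #cookie.user#</cfoutput>\n',
}

# Any <cfexecute ...> opening tag; CFML tag names are not case-sensitive.
TAG_RE = re.compile(r"<cfexecute\b[^>]*>", re.IGNORECASE)
# Scopes whose values come straight from the browser.
BROWSER_SCOPE_RE = re.compile(r"\b(form|url|cookie)\.\w+", re.IGNORECASE)
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"', re.IGNORECASE)

def find_cfexecute(files):
    """Return one finding per <cfexecute> tag: where it is, what program it
    runs, and which browser-controlled scopes appear inside the tag.
    Only the tag itself is inspected; data that reaches the tag through an
    intermediate variable is not tracked, so a clean result is not proof."""
    findings = []
    for path, source in files.items():
        for lineno, line in enumerate(source.splitlines(), 1):
            for tag in TAG_RE.findall(line):
                name = NAME_RE.search(tag)
                scopes = sorted({s.lower() for s in BROWSER_SCOPE_RE.findall(tag)})
                findings.append({
                    "file": path,
                    "line": lineno,
                    "program": name.group(1) if name else "",
                    "browser_scopes": scopes,
                    # Browser data on the command line is the worst case;
                    # every other cfexecute still deserves a manual review.
                    "severity": "high" if scopes else "review",
                })
    return findings

if __name__ == "__main__":
    for f in find_cfexecute(SAMPLE_FILES):
        print(f"{f['severity']:6} {f['file']}:{f['line']} runs {f['program']!r}"
              f" with {', '.join(f['browser_scopes']) or 'no'} browser input")
```

Replace SAMPLE_FILES with the contents of your real .cfm files to get a list you can check against the service account's rights and the ACLs on those scripts.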
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk