Give us your URL. Maybe one of us can hack in and let you know whatever holes
we find.
My CF checklist:
1) Remove docs and example apps from your server.
2) If possible, do not allow file uploads on your server. IF you do have to
allow them, drop them in a non-web-accessible directory until you verify
their validity.
3) Move your CF administrator to a separate HTTP port, and use web server
security as well on that port.
4) Disable shares, FTP and RDS. You probably need one of these in order to
move changes up, so lock it down as much as possible and watch any changes.
I would allow one FTP user for yourself, use a strong mixed password, and
change it often. If a cracker can get a .cfm file in your web root, you are
dead.
5) Make sure all your passwords are alphanumeric with some punctuation
thrown in, and as long as possible. L0phtCrack can crack NT passwords, but
this takes a lot longer.
These are the big ones I can think of.
Chris Evans
[EMAIL PROTECTED]
http://www.fuseware.com
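Item 2 of the checklist above (hold uploads in a non-web-accessible directory until they are verified) is easy to state and easy to get subtly wrong, so here is a worked version of that handling as an added example. It is not code from the thread or from either poster; the web root, quarantine directory, extension allow-list and magic-byte table are constructed for illustration. It refuses anything carrying a server-executable extension anywhere in its name (the ".cfm in the web root" case from item 4), requires the content to match the claimed format, and never reuses the client's filename on disk.

```python
"""Quarantine file uploads outside the web root until they are checked.

Added example for the cf-talk checklist; paths and allow-lists are assumptions.
"""
import os
import re
import secrets
from pathlib import Path
from typing import Optional

# Hypothetical locations. The quarantine directory must NOT sit under the
# web root, so nothing in it can be served or executed by IIS / ColdFusion.
WEB_ROOT = Path("/inetpub/wwwroot")
QUARANTINE = Path("/var/upload_quarantine")

# Server-side executable extensions: a file carrying one of these anywhere
# in its name (e.g. "photo.cfm.jpg") is refused outright.
EXECUTABLE_EXT = {"cfm", "cfml", "cfc", "asp", "aspx", "exe", "dll", "bat", "cmd", "pl"}

# Allow-list of formats the application actually expects, with the leading
# bytes each format must start with (taken from the public format specs).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Conservative filename shape: no leading dot, no spaces, no odd characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,99}$")


def is_under(path, root) -> bool:
    """True if `path` resolves inside `root` (a '..' escape returns False)."""
    try:
        Path(path).resolve().relative_to(Path(root).resolve())
        return True
    except ValueError:
        return False


def classify_upload(client_name: str, data: bytes) -> str:
    """Return 'reject' or 'quarantine' for a client-supplied upload.

    Nothing is ever written into WEB_ROOT here; a later review step promotes
    quarantined files only after they pass inspection.
    """
    # Drop any directory components the client supplied (Windows or POSIX).
    base = os.path.basename(client_name.replace("\\", "/"))
    if not SAFE_NAME.match(base) or "." not in base:
        return "reject"
    parts = base.lower().split(".")
    # Check every extension component, not just the last one.
    if any(p in EXECUTABLE_EXT for p in parts[1:]):
        return "reject"
    ext = parts[-1]
    if ext not in MAGIC:
        return "reject"
    # The bytes must look like the format the extension claims.
    if not data.startswith(MAGIC[ext]):
        return "reject"
    return "quarantine"


def quarantine_name(client_name: str) -> str:
    """Random server-chosen name; the client's name is never reused on disk."""
    ext = client_name.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(client_name: str, data: bytes,
                 quarantine_dir: Path = QUARANTINE) -> Optional[Path]:
    """Write an accepted upload into the quarantine directory, else return None."""
    if is_under(quarantine_dir, WEB_ROOT):
        raise RuntimeError("quarantine directory must not be web-accessible")
    if classify_upload(client_name, data) != "quarantine":
        return None
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / quarantine_name(client_name)
    with open(dest, "xb") as fh:  # 'x' mode: never overwrite an existing file
        fh.write(data)
    return dest
```

The point of the design is that the web server's document root is never a write target for untrusted input: the only thing an uploader controls is the bytes, and those land under a random name in a directory the web server does not serve. A review job (a virus scanner, an image re-encoder, or a human) moves approved files into the web root later.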
-----Original Message-----
From: Nick Call [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 04, 2000 11:44 AM
To: [EMAIL PROTECTED]
Subject: Security holes revisited -- reward offered
Ok, fellow Listees, here's the deal...
My boss's daughter has a boyfriend.. (can you smell the trouble
already???). He is bent out of shape over the fact that I did not recommend
that we hire him (I interviewed him and gave his skill sets an honest,
thorough exam). He is good at A/V stuff, but his web experience/database
experience is null. Anyway, back to the situation...... He has convinced
the boss to pay him 2 grand to attempt to hack the system I built. He
claims to be a super hacker, blah, blah, blah. I am not too confident that
he can do it, but there is a small chance....
Multiple minds are better than one. I have gone over and over all the stuff
I know, but I am more than likely missing some stuff. Anyone care to share
their CF/NT/IIS security checklist or other advice?
It's escalated into all-out war. He is going to stop at nothing to make me
look bad, and I will stop at nothing to prevent him from succeeding.
Thanks in advance. I will custom print 5 free T-shirts with your logo (in
one color) on them if you give me advice that plugs up a hole that I didn't
know about.
Thanks in advance.
Nick Call
[EMAIL PROTECTED]
http://www.graphixonline.com
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.