Actually in securing NT 4.0, Microsoft recommended either moving these files to a different location or setting more restrictive ACLs on these files. There was a hack for IIS called directory traversal. In this attack, the attacker utilizes the default location for webroot and the default location for the system files to traverse up the directory to c:\ and then back to cmd.exe. This can be done with no privledge elevation. If cmd.exe is moved, or if the IUSR account doe not have execute priveleges, the attacker is not able to exploit the directory traversal vulnerability. This is just one example of a known vulnerability. The next vulnerability may also utilize the known locations of certain tools. If the tools are moved, the attack is blocked. While I would not rely only on moving these tools, it is still a valid and effective defense.
Dennis Depp -----Original Message----- From: James Winzenz [mailto:james.winzenz@;inovis.com] Sent: Wednesday, November 13, 2002 9:03 AM To: NT 2000 Discussions Subject: RE: Securing Webserver was RE: Active Directory Password Policy G rief. Honestly, if you have to worry about changing the locations of tools that hackers might use, then you have a more serious problem. Do you think that changing the location of cmd.exe is going to keep a hacker (who has already gotten in to your network) from finding it? Get real. Take a look at some of these articles for securing IIS instead of playing around with system tool locations: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt echn ol/iis/deploy/depovg/securiis.asp http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodt echn ol/iis/tips/iis5chk.asp A simple search on google for "securing IIS" gave a plethora of answers, these were both among the top ten. I am sure that there are many others, some of which may even do a better job of helping you to secure your webserver. But at least this is a start. James Winzenz, MCSE, A+ Associate Systems Administrator InovisTM, formerly Harbinger and Extricity -----Original Message----- From: Emmanuel Adebayo [mailto:emmanuel.adebayo@;humanelectric.com] Sent: Wednesday, November 13, 2002 8:44 AM To: NT 2000 Discussions Subject: RE: Active Directory Password Policy Grief. I am installing the system as a webserver and would like to remove all the tools that hackers uses from default location and place them else where then set the path in the environment. Thanks. -----Original Message----- From: James Winzenz [mailto:james.winzenz@;inovis.com] Sent: 13 November 2002 13:41 To: NT 2000 Discussions Subject: RE: Active Directory Password Policy Grief. 1. don't hijack threads 2. why? James Winzenz, MCSE, A+ Associate Systems Administrator InovisTM, formerly Harbinger and Extricity -----Original Message----- From: Emmanuel Adebayo [mailto:emmanuel.adebayo@;humanelectric.com] Sent: Wednesday, November 13, 2002 8:34 AM To: NT 2000 Discussions Subject: RE: Active Directory Password Policy Grief. Dear all, I tried to move cmd.exe from system32 folder in Winnt directory (Windows 2000 Server), after the move, I still find a copy of the file in System32. Any help? Regards Emmanuel ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
