:)

More than likely. 

 
ASB
http://www.ultratech-llc.com/KB
 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:bounce-nt2000-136492@;ls.swynk.com] On Behalf Of James Winzenz
Sent: Wednesday, November 13, 2002 10:49 AM
To: NT 2000 Discussions
Subject: RE: Securing Web server was RE: Active Directory Password Policy Grief.


D - probably why Microsoft no longer has this as a recommended step for
securing IIS 5.0 servers <G>

James Winzenz, MCSE, A+
Associate Systems Administrator
InovisTM, formerly Harbinger and Extricity


-----Original Message-----
From: Andrew S. Baker [mailto:ListMember@;UltraTech-llc.com] 
Sent: Wednesday, November 13, 2002 10:13 AM
To: NT 2000 Discussions
Subject: RE: Securing Web server was RE: Active Directory Password Policy Grief.


A - %SystemRoot% is also in the path.  Moving it there won't help 
B - Windows File Protection will keep the file around, if you don't
delete it from DLLCACHE 
C - Just change the ACL instead of moving it.


http://www.ultratech-llc.com/KB/?File=WFP.TXT


 
ASB
http://www.ultratech-llc.com/KB
 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:bounce-nt2000-136492@;ls.swynk.com] On Behalf Of Emmanuel Adebayo
Sent: Wednesday, November 13, 2002 9:46 AM
To: NT 2000 Discussions
Subject: RE: Securing Web server was RE: Active Directory Password Policy Grief.



Thanks for the contributions.
I am not relying only on moving the tools; I have followed all other
security measures, but I successfully moved these in Windows NT but not
Windows 2000; I was just wondering why?

Having looked at my website logs, I found out that most attacks were
initiated through windows\systems32\cmd.exe although they were unable to
penetrate since the ACL does not permit; I wanted to do the same for
my webserver running W2k but.....

I hope you all understand what I'm saying now.
Thanks.
Emmanuel


-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm@;ornl.gov]
Sent: 13 November 2002 14:34
To: NT 2000 Discussions
Subject: RE: Securing Webserver was RE: Active Directory Password Policy Grief.


Actually in securing NT 4.0, Microsoft recommended either moving these
files to a different location or setting more restrictive ACLs on these
files. There was a hack for IIS called directory traversal.  In this
attack, the attacker utilizes the default location for webroot and the
default location for the system files to traverse up the directory to
c:\ and then back to cmd.exe.  This can be done with no privilege
elevation.  If cmd.exe is moved, or if the IUSR account does not have
execute privileges, the attacker is not able to exploit the directory
traversal vulnerability.  This is just one example of a known
vulnerability.  The next vulnerability may also utilize the known
locations of certain tools.  If the tools are moved, the attack is
blocked.  While I would not rely only on moving these tools, it is still
a valid and effective defense.

Dennis Depp   

-----Original Message-----
From: James Winzenz [mailto:james.winzenz@;inovis.com] 
Sent: Wednesday, November 13, 2002 9:03 AM
To: NT 2000 Discussions
Subject: RE: Securing Webserver was RE: Active Directory Password Policy Grief.


Honestly, if you have to worry about changing the locations of tools
that hackers might use, then you have a more serious problem.  Do you
think that changing the location of cmd.exe is going to keep a hacker
(who has already gotten in to your network) from finding it?  Get real.
Take a look at some of these articles for securing IIS instead of
playing around with system tool locations:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/deploy/depovg/securiis.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/iis/tips/iis5chk.asp

A simple search on google for "securing IIS" gave a plethora of answers,
these were both among the top ten.  I am sure that there are many
others, some of which may even do a better job of helping you to secure
your webserver.  But at least this is a start.

James Winzenz, MCSE, A+
Associate Systems Administrator
InovisTM, formerly Harbinger and Extricity


-----Original Message-----
From: Emmanuel Adebayo [mailto:emmanuel.adebayo@;humanelectric.com] 
Sent: Wednesday, November 13, 2002 8:44 AM
To: NT 2000 Discussions
Subject: RE: Active Directory Password Policy Grief.



I am installing the system as a webserver and would like to remove all
the tools that hackers use from default location and place them
elsewhere then set the path in the environment.

Thanks.

-----Original Message-----
From: James Winzenz [mailto:james.winzenz@;inovis.com]
Sent: 13 November 2002 13:41
To: NT 2000 Discussions
Subject: RE: Active Directory Password Policy Grief.


1.  don't hijack threads
2.  why?

James Winzenz, MCSE, A+
Associate Systems Administrator
InovisTM, formerly Harbinger and Extricity


-----Original Message-----
From: Emmanuel Adebayo [mailto:emmanuel.adebayo@;humanelectric.com] 
Sent: Wednesday, November 13, 2002 8:34 AM
To: NT 2000 Discussions
Subject: RE: Active Directory Password Policy Grief.


Dear all,

I tried to move cmd.exe from system32 folder in Winnt directory (Windows
2000 Server), after the move, I still find a copy of the file in
System32.

Any help?

Regards
Emmanuel
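
Added example, not part of the original thread: a log check for the directory-traversal requests discussed above, separating attempts the ACL blocked from any the server actually served. The sample log lines and the names `WATCHED_TOOLS`, `fully_decode`, `suspicious` and `scan` are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-11-13 09:12:01 192.0.2.10 GET /default.htm - 200
2002-11-13 09:12:07 192.0.2.77 GET /scripts/../../winnt/system32/cmd.exe - 403
2002-11-13 09:12:09 192.0.2.77 GET /scripts/%2e%2e/%2e%2e/winnt/system32/cmd.exe - 404
2002-11-13 09:13:30 192.0.2.78 GET /scripts/%252e%252e/winnt/system32/CMD.EXE - 200
2002-11-13 09:14:02 192.0.2.11 GET /docs/cmd.exe.html - 200
"""
WATCHED_TOOLS = {"cmd.exe"}  # assumption: add any other tools you restrict by ACL


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encoding cannot hide a path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious(stem):
    """True if the request path climbs directories or ends in a watched tool."""
    parts = fully_decode(stem).replace("\\", "/").lower().split("/")
    return ".." in parts or parts[-1] in WATCHED_TOOLS


def scan(log_text):
    """Return (blocked, served) lists of (client_ip, uri_stem) findings."""
    fields, blocked, served = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if not suspicious(row.get("cs-uri-stem", "")):
            continue
        # A 2xx status means the request was served, so the ACL did not stop it.
        status = row.get("sc-status", "")
        bucket = served if status.startswith("2") else blocked
        bucket.append((row.get("c-ip"), row["cs-uri-stem"]))
    return blocked, served


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Entries in the `served` list are the ones to investigate first: they indicate the execute permission on the tool was not denied for the web server's account.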

