Find, Fix Vulnerabilities

By Cameron Sturdevant  |  Posted 2001-10-29

Get out the treasure map. Bring along a stethoscope. Hunting down IIS systems, especially inadvertently installed rogues, will take a methodical, plodding approach. However, an accurate network diagram and diagnostic tools can take some of the pain out of plugging IIS security holes.

Draw a map of the organization's network that shows where IIS systems are installed. HFNetChk, from Microsoft, can scan local or remote machines and indicate which patches have and have not been applied. This tool is hard to automate, and the output is difficult to use. Inventory management tools from Tally Systems Corp. and others can make this task a lot easier and less prone to error by automatically surveying systems for a software "fingerprint." Although they require that an agent be installed on the target system, this is a small price to pay to keep tabs on critical systems. BindView Corp. makes a variety of bv-Control tools for Windows 2000. BindView products monitor server configurations specifically for changes to security settings. IT managers can then set configuration requirements and receive reports and alerts when systems are out of compliance.

Locate Windows 2000 servers that were automatically installed with IIS enabled but were not authorized by central IT. This will be a lot trickier. IT managers who suspect renegade systems are inside the firewall should start with the simple questions: Was a disk imaging system used to create production servers? If so, did the disk image include IIS, which is part of the default installation?

Send e-mail asking departmental administrators if they know of any IIS servers operating in their area. It's probably a good idea to offer an amnesty program to encourage people to turn in their unauthorized servers. CyberCop Scanner, from Network Associates Inc., can help IT managers scan the internal network for "responsive devices," including IIS. Match legitimate IIS systems with the CyberCop Scanner report and investigate all other found devices.
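The matching step described above can be scripted. The following is an added example, not part of the original article: it reconciles an approved IIS inventory against a scan export and sorts hosts into rogue, confirmed and missing. The two CSV layouts, host names and addresses are constructed assumptions; the article does not show CyberCop Scanner's actual report format.

```python
import csv
import io
import re

# Constructed sample data: the approved IIS inventory from the network map.
AUTHORIZED_IIS = """host,ip,owner
web01.corp.example,10.0.1.10,central-it
web02.corp.example,10.0.1.11,central-it
intranet.corp.example,10.0.2.5,central-it
"""

# Constructed scan export (hypothetical CSV layout: ip, port, HTTP Server banner).
SCAN_REPORT = """ip,port,banner
10.0.1.10,80,Microsoft-IIS/5.0
10.0.1.11,80,Microsoft-IIS/5.0
10.0.3.77,80,Microsoft-IIS/5.0
10.0.3.80,80,Apache/1.3.20 (Unix)
10.0.4.12,8080,microsoft-iis/4.0
"""

# IIS identifies itself in the HTTP Server header as "Microsoft-IIS/<version>".
IIS_BANNER = re.compile(r"^\s*Microsoft-IIS/(\d+\.\d+)", re.IGNORECASE)


def reconcile(inventory_csv, scan_csv):
    """Compare approved IIS hosts with what the scan actually found."""
    approved = {row["ip"].strip(): row["host"].strip()
                for row in csv.DictReader(io.StringIO(inventory_csv))}
    found = {}  # ip -> list of (port, IIS version) seen by the scanner
    for row in csv.DictReader(io.StringIO(scan_csv)):
        match = IIS_BANNER.match(row["banner"])
        if match:
            found.setdefault(row["ip"].strip(), []).append(
                (int(row["port"]), match.group(1)))
    return {
        # IIS answering on an address nobody approved: investigate first.
        "rogue": {ip: sorted(svc) for ip, svc in found.items() if ip not in approved},
        # Approved and seen by the scan.
        "confirmed": {ip: approved[ip] for ip in found if ip in approved},
        # Approved but silent: stale map entry, host down, or filtered.
        "missing": {ip: host for ip, host in approved.items() if ip not in found},
    }


if __name__ == "__main__":
    for category, hosts in reconcile(AUTHORIZED_IIS, SCAN_REPORT).items():
        print(category, hosts)
```

The "missing" bucket matters as much as the "rogue" one: an approved server the scan cannot see means either the network map is stale or the scan did not reach that segment.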

Read up on security threats and preventive measures. The "Hack Attacks" series by John Chirillo (Wiley Computer Publishing) and "Viruses Revealed" by David Harley et al. (McGraw-Hill) offer in-depth expertise on how systems are compromised while imparting fundamental practices that IT managers can use to protect network resources.

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
