0471-6454555
9447387064
9847003556

No1 Training Institute in Kerala

IIS

Building a secure IIS Web server

      Class Discussion

      Sample attacks agains a classroom web server, and                                 post attack diagnostics

TRINITY TECHNOLOGIES

IIS configuration

    Access control: files, CGIs, MIME, personal accounts
    Authentication: protocols
    NTFS File permissions
    Server side script control
    Redirection, and virtual servers
    Log files and detection
    Directory Browsing
    SSL (TLS) and encryption 


 

TRINITY TECHNOLOGIES

Types of attacks

    Buffer overflows
    Input validation
    Access control: file system and TCP/IP Wrappers
    ASP,CGI, web scripting security 

TRINITY TECHNOLOGIES

Hacking

    Goals
    Hacking CIFS/SMB
    Privilege escalation when logged on interactively
    Obtaining an administrative command window
    Obtaining access via an administrative account 

TRINITY TECHNOLOGIES

Enumeration

    Enumerating system resources and users
    Netbios, DNS, SNMP, and Active Directory Enumeration
    Detecting and preventing enumeration 
 

TRINITY TECHNOLOGIES

Footprinting and Scanning Microsoft IIS

    Finding a target: DNS & WHOIS
    Finding a target: network reconnaissance
    Public information: news releases, website, search                               engines
    Scanning with ping sweeps
    Operating system detection and prevention 
 

TRINITY TECHNOLOGIES

Installing Windows 2000 Review Microsoft Security Internals Review

    File Systems - FAT, FAT32, NTFS
    Groups
    Shares and sharing
    Assigning security permissions and group/share                                   interaction
    SIDs
    Authentication and Access Tokens
    Active Directory and Group Policies
    Auditing 
 

TRINITY TECHNOLOGIES

Microsoft/IIS risks

    Microsoft system services
    File system access control
    Default Microsoft configurations 
    Default IIS configurations
    Microsoft checklists - OS, and IIS
    Service Packs, Hot Fixes 
 

TRINITY TECHNOLOGIES

Microsoft/IIS risks

    Microsoft system services
    File system access control
    Default Microsoft configurations 
    Default IIS configurations
    Microsoft checklists - OS, and IIS
    Service Packs, Hot Fixes 
 

Installing Windows 2000 Review Microsoft Security Internals Review

    File Systems - FAT, FAT32, NTFS
    Groups
    Shares and sharing
    Assigning security permissions and group/share                                   interaction
    SIDs
    Authentication and Access Tokens
    Active Directory and Group Policies
    Auditing 
 

Footprinting and Scanning Microsoft IIS

    Finding a target: DNS & WHOIS
    Finding a target: network reconnaissance
    Public information: news releases, website, search                               engines
    Scanning with ping sweeps
    Operating system detection and prevention 
 

Enumeration

    Enumerating system resources and users
    Netbios, DNS, SNMP, and Active Directory Enumeration
    Detecting and preventing enumeration 
 

Hacking

    Goals
    Hacking CIFS/SMB
    Privilege escalation when logged on interactively
    Obtaining an administrative command window
    Obtaining access via an administrative account 

Types of attacks

    Buffer overflows
    Input validation
    Access control: file system and TCP/IP Wrappers
    ASP,CGI, web scripting security 

IIS configuration

    Access control: files, CGIs, MIME, personal accounts
    Authentication: protocols
    NTFS File permissions
    Server side script control
    Redirection, and virtual servers
    Log files and detection
    Directory Browsing
    SSL (TLS) and encryption 


 

Building a secure IIS Web server

      Class Discussion

      Sample attacks agains a classroom web server, and                                 post attack diagnostics