
IIS Exploits and Hardening


Presentation Transcript


  1. IIS Exploits and Hardening TEAM PAI: Pierce + Alex + Ian

  2. Overview • What is IIS? • History of IIS • Popularity of IIS • IIS Vulnerabilities • Demo • IIS Hardening

  3. What is IIS? • IIS stands for Internet Information Services • Web server software and feature extension modules for Microsoft Windows • Administered through the IIS Manager snap-in for the Microsoft Management Console or through command-line administration tools

  4. History • Started as a research project and ended up being a free add-on to Windows NT 3.51 • Almost every version of IIS is released with a newer version of Windows • IIS 7.5 is included with Windows 7 and Windows Server 2008 R2 and adds command-line administration from PowerShell (the WebAdministration module)

  5. Popularity • The major web servers are Apache, nginx and IIS • IIS held 14% of servers in 2011 • IIS served 12% of data worldwide in 2011

  6. Vulnerabilities • MS01-033: buffer overflow in the Index Server ISAPI extension (idq.dll) • Used by the Code Red worm • In IIS 6.0 Microsoft reworked ISAPI handling, which was the attack vector • IIS 6.0 also added "Web Service Extensions": no ISAPI extension or CGI program runs unless an administrator explicitly enables it

  7. Vulnerabilities • By default IIS 5.1 and earlier ran the web server process (inetinfo.exe) under the LocalSystem account, which has full privileges • IIS 6.0 and above run worker processes (w3wp.exe) in a "sandboxed" environment under the low-privilege Network Service account; IIS 7.5 goes further and defaults each application pool to its own virtual account (ApplicationPoolIdentity) • IIS 6.0 also moved HTTP listening into the kernel-mode driver HTTP.sys, with a stricter HTTP request parser and a response cache

  8. Vulnerabilities • As of June 2011: • IIS 7.0 had 6 resolved vulnerabilities • IIS 6.0 had 10 resolved vulnerabilities • 1 vulnerability was still unpatched • In June 2007 Google found that the IIS market share was 23%, yet IIS servers hosted 49% of the world's web-served malware • Researchers inferred that the cause was pirated copies of Windows that could not obtain security updates • Microsoft's solution was to allow pirated copies to perform updates

  9. IIS 8.0 • Released by Microsoft with Windows 8 and Windows Server 2012 • No published vulnerabilities at the time of this presentation • Ships only with those two systems; Windows Vista, 7 and Server 2008 stay on IIS 7.0 / 7.5 (the standalone IIS Express 8.0 is what installs on Vista, 7 and Server 2008)

  10. DEMO! • Metasploit module ms01_023_printer (MS01-023): buffer overflow in the IIS 5.0 Internet Printing ISAPI extension (msw3prt.dll), triggered by an overlong Host header in a request for a .printer URL • Disabling Internet Printing (removing the .printer script mapping) closes the vulnerability • Simply an example of a typical IIS vulnerability: easy to find an exploit, easy to fix

  11. Hardening IIS • For IIS 4.0, 5.0 and 5.1 (IIS 6.0 and later build the same lockdown in by default): • IISLOCKD, the IIS Lockdown Tool, removes unnecessary features from IIS that might cause security risks • Simple-to-use tool provided by Microsoft • Removes certain virtual directories: • IIS Samples • Scripts • MSADC • IIS Admin • IIS Help • Sets restrictive file permissions for the anonymous and guest accounts • Enables logging

  12. Hardening IIS • In general: • Disable anonymous authentication where the site does not need it • Uninstall unused modules • Disable unneeded features • Run each application in its own application pool • Anti-virus software and a firewall are essential • Block unused ports • Update to the latest version of IIS
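The checklist on slides 11 and 12, the IIS 6.0 "Web Service Extensions" lockdown from slide 6, the per-pool low-privilege identities from slide 7 and the Internet Printing mitigation from the demo slide can all be applied from PowerShell on IIS 7.5 or later. The following script is an added example written for this transcript; it is not part of the original presentation or of Microsoft's documentation. It assumes an elevated prompt on the web server, a site called 'Default Web Site' and two applications under it, '/Shop' and '/Api'; those names are placeholders to substitute.

```powershell
# Added example: hardening an IIS 7.5+ server from PowerShell (WebAdministration module).
# Run from an elevated prompt on the server. Site and application names are assumed.
Import-Module WebAdministration

$site = 'Default Web Site'        # assumed site name
$apps = @('/Shop', '/Api')        # assumed applications under $site
$appHost = 'MACHINE/WEBROOT/APPHOST'

# 1. Inventory what is installed, so unused role services and native modules can be removed.
#    Get-WindowsFeature exists on server SKUs (ServerManager module); client SKUs use
#    Get-WindowsOptionalFeature -Online instead.
if (Get-Module -ListAvailable ServerManager) {
    Import-Module ServerManager
    Get-WindowsFeature Web-* | Where-Object { $_.Installed } |
        Format-Table Name, DisplayName -AutoSize
}
Get-WebGlobalModule | Format-Table Name, Image -AutoSize

# 2. Anonymous authentication off for this site (slide 12) and request logging on.
Set-WebConfigurationProperty -PSPath $appHost -Location $site `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name enabled -Value $false
Set-ItemProperty "IIS:\Sites\$site" -Name logFile.enabled -Value $true

# 3. ISAPI and CGI restrictions: the IIS 7 successor of IIS 6 "Web Service Extensions".
#    With both flags false, IIS loads only extensions and CGIs an administrator listed.
foreach ($flag in 'notListedIsapisAllowed', 'notListedCgisAllowed') {
    Set-WebConfigurationProperty -PSPath $appHost `
        -Filter 'system.webServer/security/isapiCgiRestriction' -Name $flag -Value $false
}

# 4. Remove any handler mapping that still points at the Internet Printing extension
#    (msw3prt.dll), the component behind MS01-023 in the demo.
Get-WebHandler -PSPath $appHost |
    Where-Object { $_.ScriptProcessor -like '*msw3prt.dll*' } |
    ForEach-Object { Remove-WebHandler -Name $_.Name -PSPath $appHost }

# 5. One application pool per application, each running as its own virtual account
#    (ApplicationPoolIdentity) instead of a shared identity, so a compromise of one
#    application cannot read or write the others' content.
foreach ($app in $apps) {
    $poolName = ($site -replace ' ', '') + '-' + $app.Trim('/')
    if (-not (Test-Path "IIS:\AppPools\$poolName")) {
        New-WebAppPool -Name $poolName | Out-Null
    }
    Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel.identityType `
        -Value ApplicationPoolIdentity
    Set-ItemProperty "IIS:\Sites\$site$app" -Name applicationPool -Value $poolName
}

# 6. Windows Firewall blocks inbound traffic by default; allow only the web ports.
netsh advfirewall firewall add rule name="IIS HTTP"  dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="IIS HTTPS" dir=in action=allow protocol=TCP localport=443

# 7. Show the resulting pools and identities.
Get-ChildItem IIS:\AppPools |
    Format-Table Name, State, @{ n = 'Identity'; e = { $_.processModel.identityType } } -AutoSize
```

Step 2 follows the slide literally and will lock out unauthenticated visitors; on a public site, scope the anonymousAuthentication change to the paths that actually require a login instead of the whole site. Steps 3 and 5 are the ones that most directly address the slides' vulnerability history: an unlisted ISAPI extension such as idq.dll or msw3prt.dll cannot be loaded at all, and an overflow in one worker process only yields that pool's virtual account, not LocalSystem.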

  13. Recap • What is IIS? • History of IIS • Popularity of IIS • IIS Vulnerabilities • Demo • IIS Hardening

  14. References - Questions? • http://www.sans.org/reading_room/whitepapers/win2k/harden-iis-web-server_217 • http://forums.iis.net/t/1127617.aspx • http://en.wikipedia.org/wiki/Internet_Information_Services • http://technet.microsoft.com/en-us/library/bb490831.aspx
