Monday, December 19, 2005

Why run IIS on Windows XP?

http://ingehenriksen.blogspot.com discovered a Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit on Friday the 16th.
This lends to the debate whether or not a webserver on a desktop PC is a good idea. Obviously, developers have a strong opinion here, so consider the following: run IIS as localhost only, use Windows Firewall to block all web ports, and disable SMTP and Front Page extensions. Disabling Front Page extensions will prevent the above exploit even if the Windows Firewall is off.

No comments:

Toolsmith #126: Adversary hunting with SOF-ELK

As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we th...