New tool from MS for IIS
I get these email newsletters from www.iisanswers.com, and I thought I would just post this to you for those that are interested:
-------------------------------------------------------
IIS Answers Bulletin
URLScan Tool Released by Microsoft
http://www.microsoft.com/downloads/release.asp?releaseID=32571
--------------------------------------------------------
In response to security concerns about IIS, Microsoft released today a
tool called URLScan that could be a valuable security asset. It is an
ISAPI filter (consequently, it will always run in process) that will
analyze an incoming request and screen it according to a ruleset created
by the administrator. This is the same kind of technology used by
IISSecure created by eEye which has proven to be an effective security
tool. It would be ideal if a malformed or suspect URL never reached IIS
for processing in the first place. Nevertheless, in the interests of
layered protection, should a firewall or Intrusion Detection Software be
defeated, IIS itself would be inspecting packets according to provided and
customized rules.
URLScan is an ISAPI filter and as such, must be crafted carefully. There
are scalability and concurrency issues associated with ISAPI filters that
Microsoft may have missed so I would not rush to deploy this tool on a
production server until it has been proven in the field. As a free tool
that is developed by Microsoft, this seems to rise to the level of being
worthy of your consideration.
---------------------------------------------------------
On another matter, the reviews of the first IIS Security and
Administration (IIS FastTrack) class held in Boulder, CO last week are now
online at http://www.iistraining.com/Reviews.htm
----------------------------------------------------------
Brett Hill
IIS Administration and Security Training http://www.iistraining.com