Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Microsoft Webserver the most secure on the market

  1. #1
    Junior Member
    Join Date
    May 2002
    Posts
    1

    Cool Microsoft Webserver the most secure on the market

    The Proof Of Concept project has started from a Danish website located
    warlab.infowarfare.dk

    He has proven that a Windows 2000 server With IIS 5.0 can't be defaced
    he has published it all over the globe on IRC, websites, Chats and so on.

    Give it a try

    CrC_Error

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    310
    LOL.What a joke.We'll see how long that lasts.It's pretty much a rule of thumb(short of govt encryption and such)that anything that can't be hacked/cracked/defaced,or whatever else is broken down within a week.If these people had half a brain,they'd quit letting their heads swell and not publish rediculous claims like that,and their products might remain secure for a little longer.Claims like that just grab the attention of every skiddy,hacker,and cracker on the face of the planet.
    [shadow]I don\'t believe in anarchy.If you\'re not smart enough to beat the system it\'s your problem. [/shadow]


  3. #3
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Just what the senior AO'ers have been saying forever; set up the system properly, keep the patches and updates current and you're "GtoG". It's easy to blame the OS for SysOp mistakes or lack of knowledge, but you have to invest the time required to set it up properly, which is nearly a 24/7 project after your masters degree, or equivalent. Very good link, i enjoyed it and i'm not even a SysOp pro.

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    lol. . . you are right gghornet

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Actually, he said "...my first goal is to prove that a Microsoft Windwows 2000 server with IIS 5.0 can be as secure as you want it to be.". He said nothing about defacement being impossible. He is advocating that where most people blame the system they run as being insecure, they are simply passing the buck so as to not look like morons and admit fault. It precisely this kind of misplaced faith in a security system that leads to problems like this. The security of any system is inversely proportionate to the trust we place in that system. Be careful.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  6. #6
    Junior Member
    Join Date
    Oct 2002
    Posts
    17
    Well , I m just a fng , but what is the point of putting up a statement like that when the site has Rules to abide by.... Um I might not understand the whole scope of the Idea, but EVERY Penetration specialist I Know, Does not "play by the rules".... so should the anouncer of this statement announce a "no holds barred" Contest? ....Im wondering if His statement would Valid then.??

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted here by The Old Man
    Just what the senior AO'ers have been saying forever; set up the system properly, keep the patches and updates current and you're "GtoG". It's easy to blame the OS for SysOp mistakes or lack of knowledge, but you have to invest the time required to set it up properly, which is nearly a 24/7 project after your masters degree, or equivalent. Very good link, i enjoyed it and i'm not even a SysOp pro.
    Securing your system is one thing (any OS can be secure). Creating a website challenging someone to break the security is another. In fact, it is just plain dumb. When will people learn that NOTHING is perfect, yes that means no OS is completely secure, even my BSD systems

    The point is to eliminate as many potential vulnerabilities as possible and minimize your level of exposure. Some systems are more restrictive out of the box than others, which means less risk of an exploit. It is all about numbers, whether you want to spend 5 mins hacking a default windows IIS install or 5 months on a server that took someone 2 months to secure (figuratively speeking), the point is that it can, and will, be done.

    I just can't figure why people and companies insist on setting themselves up for failure.

  8. #8
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    iNViCTuS, you are correct. It's the same thing with being the toughest guy on the block; as long as someone tougher doesn't move in. With this thread link, the guy is saying he's the toughest dude on his sphere of cyberspace. Maybe he's correct, until some guy from MIT who knows more than he does puts up a greeting on his site. I think what he's saying (maybe i'm wrong) is that if you set up a premium server with all it's capabilities enabled then it is pretty secure in general. The fact that he's tooting his own horn is kind of beside the point, but you can bet that a tougher dude will show up eventually, no matter how deeply he has studied the server OS. Some of the premium sites on the net have been compromised, including the high-visibility security companies. JP and crew even have a tough time keeping the attacks on the AO servers out on the front lawn instead of up on the porch. But eventually, who knows... Anyway, it's pretty certain that he who works out longest and hardest will win, all other things being equal.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The chap at the danish site is absolutely correct. If fact I have an IIS5/Win2k box at home that is impenetrable...... Course I wouldn't dare connect it to the internet unless I switched it off first..... (and no..... The NIC does not support "wake-up over LAN")

    Honestly though.... Keeping up with the patches and all that is all fine and dandy but all you are doing is _reacting_. Reacting to something that is already known and patched. If someone hits your box with a "zero day" none of the patches in the world will help.... Your hacked.....

    The question then is what have you done to mitigate the damage on the back end. How quickly can s/he escalate privilege? Can they move files undetected onto the system? How quickly can they hop to another box inside your system and set up shop there? Can they clean up after them and erase only those log entries that pertain to them? Can they even find your log files, (think stealth logging)? Can they be sure that they are not being sniffed while they work and could they defeat the sniffer and erase the entries there?

    Security is, unfortunately, not one dimensional - in fact it has a few more than the standard three we are all used to which, correspondingly, makes it that little more difficult to grasp and execute effectively.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Wow I'm glad to see this person is in a lofty tower on top of the building when most systems are buried in a basement and often times in comm closest even big enough to stand in side ways. What an automated system to secure Windows? It will be out of date or cost for a subscription update, what is MS count this year 65 updates, how much they gonna cost from this person? Reality check here Sys Admin is not lax in their duties they handle everything from network expansions, to I cannot find my favorite screen saver. Work load users how much time in a day and how many hours at a server (s). I wish I had time to invite such things as these bold statements, if there is an OS it has bugs and why pay a 3rd party to supply them when I pay top dollar to the MFG? Firewall OS is different from the server (s) OS 90% of the network crap pulled would be better spent in a good firewall and proper polocies on it. Other 10% is picked up on active netstat
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •