|
|
|
Date Submitted:
08/18/05
Hits: 46 Rating:  based on 0 votes
Securing an Unpatchable Webserver... HogWash!Added by Papergrl
Description:
During a routine examination of a client's network we discovered a vulnerability on a Microsoft IIS 3 web server. After brief investigation, we discovered that this web server runs a mission-critical web application: it is the client's primary means of doing business and must be protected at all cost. The real problem is that this application is tightly bound to certain features of Microsoft's IIS 3 web server. We searched for a patch, but there were none. Microsoft's solution was to upgrade the server to a more recent version. We attempted to upgrade the server to IIS 4, but the result was disaster. A total rewrite of the web application using better technology is underway, but will not be complete for a long time. In the meantime the server needs to remain available and unhacked. What is the security professional to do?
Read the Complete Paper You don't have permission to post replies. Please login or register. |