clutch
Posted September 12, 2001

I get these email newsletters from www.iisanswers.com, and I thought I would just post this to you for those that are interested:

-------------------------------------------------------
IIS Answers Bulletin
URLScan Tool Released by Microsoft
http://www.microsoft.com/downloads/release.asp?releaseID=32571
-------------------------------------------------------

In response to security concerns about IIS, Microsoft released today a tool called URLScan that could be a valuable security asset. It is an ISAPI filter (consequently, it will always run in process) that will analyze incoming requests and screen them according to a ruleset created by the administrator. This is the same kind of technology used by IISSecure, created by eEye, which has proven to be an effective security tool.

It would be ideal if a malformed or suspect URL never reached IIS for processing in the first place. Nevertheless, in the interests of layered protection, should a firewall or Intrusion Detection Software be defeated, IIS itself would be inspecting packets according to provided and customized rules.

URLScan is an ISAPI filter and, as such, must be crafted carefully. There are scalability and concurrency issues associated with ISAPI filters that Microsoft may have missed, so I would not rush to deploy this tool on a production server until it has been proven in the field. As a free tool that is developed by Microsoft, this seems to rise to the level of worthy of your consideration.

-------------------------------------------------------

On another matter, the reviews of the first IIS Security and Administration (IIS FastTrack) class held in Boulder, CO last week are now online at http://www.iistraining.com/Reviews.htm

-------------------------------------------------------

Brett Hill
IIS Administration and Security Training
http://www.iistraining.com