server security

Do you think that your server / web site is secure?

Our team has reviewed a few popular web sites and identified big holes in their servers that a hacker can use to log on to the system easily. Here are a few important things you should take care of.

1. Microsoft RDP

It may be possible to get access to the remote host.

Description: The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials. This flaw exists because the RDP server stores a hardcoded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.

See also:
http://www.oxid.it/downloads/rdp-gbu.pdf
http://technet.microsoft.com/en-us/library/cc782610.aspx

Solution: Force the use of SSL as a transport layer for this service.

Risk Factor: Medium

2. SMTP Service

It is possible to enumerate the names of valid users on the remote host.

Description: The remote SMTP server answers the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to use either of these commands, because they give away too much information.

Solution: If you are using Sendmail, add the following option to /etc/sendmail.cf:

    O PrivacyOptions=goaway

3. Web server leaks a private IP address through its HTTP headers

This web server leaks a private IP address through its HTTP headers.

Description: This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) firewall or proxy server. There is a known issue with IIS 4.0 doing this in its default configuration. This may also affect other web servers, especially on a misconfigured redirection.

See also:
http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP

See the Bugtraq reference for a full discussion.
