On Tue, 28 Nov 1995, O'Sullivan, John (x4714) wrote:
>
> One hole in the outside occurs if you use the FTP server that ships with NT.
> Even if you make the Sub directory the FTP dir a user can cd / to the root.
> MS has a product in beta that fixes this problem until then be careful
> using FTP when pointing to the outside world.
> If you want to secure a server one easy way is to add to or more cards to
> the server and we assume that one card is the "secure" (outside) card and
> the other "unsecure" (inside) card. On the outside card unbind all network
> components except TCP/IP. Get rid of server and workstation
> This will allow only TCP/IP socket apps Mail, HTTP, etc
> on the other side "inside" users still have access to the server as they
> normally would.
>
Again, one haws to ask, is this a 'hole' per se, or is this an 'out of
the box' setup or misconfigured setup? Big differences there eh? My
understanding is that an NT filesystem setup with anon ftp, with perms
set correctly has yet to show any holes one can drive in through. Can
you clarify this for me and others please?
Even reports about NT servers with tcp/udp port 137-139 fully exposed to
the outside have yet to show anyone being able to sidestep the services
assinged to run on those ports to put an nasty process into the box.
Has someone any info to share here that is founded in fact w/
documetation others can follow to demonstrate any real holes?
Thanks,
Ron Dufresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
References:
|
|
