IIS anonymous user is a domain user

Discussion in 'Computer Security' started by Henry Splatt, Sep 4, 2003.

  1. Henry Splatt

    Henry Splatt Guest

    What are the security ramifications of having an IIS 5.0 box, where the
    anonymous user is a domain user as opposed to the normal IUSR_Machine
    account?

    How would this be amplified, if at all, by having the default Everyone group
    with full control on the file system? The box is behind a good firewall.

    Thanks for your time,

    Henry
     
    Henry Splatt, Sep 4, 2003
    #1

  2. Henry Splatt

    Mike Guest

    I will take a quick stab at this but by running your website as a domain
    user it is basically giving permission to your web server to access anything
    that the Everyone group on your entire DOMAIN can access. That means that
    if someone manages to take advantage of one of the many IIS vulnerabilities
    they very well may have access to information all over your network instead
    of just the one machine.

    Mike

    "Henry Splatt" <> wrote in message
    news:AsG5b.3628780$...
    > What are the security ramifications of having an IIS 5.0 box, where the
    > anonymous user is a domain user as opposed to the normal IUSR_Machine
    > account?
    >
    > How would this be amplified, if at all, by having the default Everyone
    > group with full control on the file system? The box is behind a good firewall.
    >
    > Thanks for your time,
    >
    > Henry
    >
    >
     
    Mike, Sep 5, 2003
    #2

  3. Henry Splatt

    Leythos Guest

    In article <YnS5b.163374$_V.118026
    @news04.bloor.is.net.cable.rogers.com>, says...
    > I will take a quick stab at this but by running your website as a domain
    > user it is basically giving permission to your web server to access anything
    > that the Everyone group on your entire DOMAIN can access. That means that
    > if someone manages to take advantage of one of the many IIS vulnerabilities
    > they very well may have access to information all over your network instead
    > of just the one machine.


    That's why you learn how to lock your IIS server down - there are many
    easy ways to secure IIS so that if someone does compromise it they
    won't be able to run CMD.COM and other things necessary to do damage.

    Please follow NORMAL/STANDARD usenet etiquette and BOTTOM post.

    Mark


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Sep 5, 2003
    #3
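
Added example, not part of the thread: a small Python audit that follows the reasoning in the replies above, comparing what a compromised anonymous account could fully control when it is a local IUSR_ account versus a domain user, given paths where Everyone has full control. The host names, accounts and icacls-style listings are constructed, and the reach model (local account confined to the web server, domain account honoured on every host) is a simplifying assumption.

```python
import re

# Constructed sample: icacls-style ACL listings per host (hostnames, paths and
# accounts are hypothetical, not taken from the thread).
LISTINGS = {
    "WEB01": r"""C:\Inetpub\wwwroot Everyone:(OI)(CI)(F)
                   BUILTIN\Administrators:(OI)(CI)(F)""",
    "FILE01": r"""D:\Finance Everyone:(OI)(CI)(F)
           CORP\Domain Admins:(OI)(CI)(F)
D:\HR CORP\HR Staff:(OI)(CI)(M)""",
}

# One ACE per line: optional leading path, then "principal:(flags)...".
ACE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S*)?\s+(?P<who>.+?):(?P<flags>(?:\([A-Z,]+\))+)\s*$")


def account_scope(anon_user, web_host):
    """Return 'local' for IUSR_<machine>-style accounts, 'domain' otherwise."""
    prefix, _, _name = anon_user.rpartition("\\")
    if prefix in ("", ".") or prefix.upper() == web_host.upper():
        return "local"
    return "domain"


def everyone_full_control(listing):
    """Return the paths whose ACL allows Everyone full control, (F)."""
    hits, path = [], None
    for line in listing.splitlines():
        m = ACE.match(line)
        if not m:
            continue
        path = m.group("path") or path  # continuation lines reuse the last path
        flags = m.group("flags")
        if m.group("who").lower() == "everyone" and "(F)" in flags and "(DENY)" not in flags:
            hits.append(path)
    return hits


def exposed_paths(anon_user, web_host, listings):
    """(host, path) pairs a compromised anonymous account could fully control."""
    domain = account_scope(anon_user, web_host) == "domain"
    hosts = list(listings) if domain else [web_host]  # assumption: see lead-in
    return [(h, p) for h in hosts for p in everyone_full_control(listings.get(h, ""))]


if __name__ == "__main__":
    for user in ("IUSR_WEB01", r"CORP\webanon"):
        print(user, "->", exposed_paths(user, "WEB01", LISTINGS))
```

The same Everyone ACLs yield one exposed path for the local account and two for the domain account, which is the amplification the original question asks about.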