Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up
Security
R E V I E W  
Hip Check

  October 21, 2002
  By Mike Fratto


>> continued from previous page

How We Tested

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 What We Really Want
arrow
 Okena StormWatch 3.0 & StormFront 2.0
arrow
 Other Products Reviewed
arrow
 How We Tested
arrow
 Report Card

For our host machines, we installed Sun Microsystems Solaris 8 on an Ultra 10, Windows 2000 Server on Dell OptiPlex GX1s and Red Hat Linux 7.1 on a Dell OptiPlex GX1. We didn't patch or apply service packs to any of the systems we were protecting. We searched through various archives, including SecurityFocus (online.securityfocus.com/bid) and Packet Storm (packetstormsecurity. org), for tools that would let us exploit known application vulnerabilities on our target operating systems. We found many to choose from, including remote buffer overflows, directory traversal tricks and local exploits.

Our goal for Windows 2000 and IIS as well as for Solaris 8 with Apache was to let the Web server have read access only to webroot, and no write access. That stops most attacks that try to break out of webroot or attempt to copy or execute files, such as command shells. We even assumed the attacker had access to the console and could add software to the system locally. For example, copying command.exe into c:\inetpub\scripts so that it could be reached by using http://server.ip/scripts/command.exe/c+


start top  Other Products Reviewed Report Card 

Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Data Centers Gone Wild
February 22, 2010
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll