Securing IIS

 
   
 

HTTP is, on its own, a relatively complex protocol. Add to this an extensive list of vendor features (virtual hosts, for example), and you have quite a monster to control. No wonder vulnerabilities have continuously been found in all HTTP servers, including Apache, IIS, thttpd and the Netscape Enterprise server.

The key to securing a web server is not only to keep it patched in a timely manner, but also to make sure future risks are minimized. In this tip, we briefly cover two (of the many) techniques.

The first generic technique is to move cmd.exe out of its standard location. Many exploits and worms attempt to spawn this file at its default path, so moving it elsewhere will help you mitigate some attacks. In addition, insecure higher-level CGI/server-side code (such as ASP code written by an inexperienced programmer) could contain directory traversal bugs that can pass commands to cmd.exe.

The second technique involves setting the MaxClientRequestBuffer registry key to a minimum value, meaning the smallest value that would not disrupt your normal HTTP request traffic. For example, if your maximum-sized request is 2K, setting MaxClientRequestBuffer to 2.5K would be a safe value. Limiting the buffer has the advantage of not leaving enough room for the attacker to exploit a buffer overflow bug (such as that exploited by Nimda). For the whereabouts of the regkey, refer to Microsoft Knowledge Base Article 260694.
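One way to find the "maximum-sized request" before choosing the value, as an added example that is not part of the original tip: the script reads a W3C extended log and sizes the buffer from the largest normal request. It assumes the log records cs-method, sc-status and cs-bytes, that cs-bytes of body-less GET/HEAD requests approximates the request size the buffer must hold, and a 1.25 headroom factor mirroring the 2K to 2.5K example; the function names and sample lines are constructed.

```python
import math

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-bytes
2004-06-01 10:00:01 192.0.2.10 GET /default.asp 200 412
2004-06-01 10:00:03 192.0.2.11 GET /catalog/item.asp 200 2048
2004-06-01 10:00:07 192.0.2.12 POST /upload.asp 200 48213
2004-06-01 10:00:09 192.0.2.13 GET /search.asp 404 9000
2004-06-01 10:00:12 192.0.2.14 HEAD /default.asp 304 -
"""

# Assumption: these methods carry no body, so cs-bytes ~ request line + headers.
BODYLESS = {"GET", "HEAD"}


def parse_w3c(text):
    """Yield one dict per entry, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def largest_normal_request(entries):
    """Largest cs-bytes among body-less requests the server answered with 2xx/3xx.

    Failed requests are ignored so that an oversized probe that was rejected
    does not inflate the baseline.
    """
    sizes = [int(e["cs-bytes"]) for e in entries
             if e["cs-method"] in BODYLESS
             and e["sc-status"][0] in "23"
             and e["cs-bytes"].isdigit()]
    return max(sizes, default=0)


def recommended_buffer(max_request, headroom=1.25):
    """Candidate MaxClientRequestBuffer value in bytes: baseline plus headroom."""
    return math.ceil(max_request * headroom)


if __name__ == "__main__":
    biggest = largest_normal_request(parse_w3c(SAMPLE_LOG))
    print(biggest, recommended_buffer(biggest))
```

Run it over logs that cover a representative period, since a baseline taken from a quiet day can produce a limit that rejects legitimate requests.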

 
   
 





In this issue of our monthly newsletter we interviewed Mr. Ashraf Hamed, Duravit IT manager, Egypt and Middle East. Duravit is currently deploying full mesh Frame-Relay VPN.

 
 
 



Q. What encouraged you to add a fourth branch to your full mesh FR-VPN?
A. Service quality and support. In the very rare cases when the service is down, we know that from NOOR, unlike all other service providers. In addition, the time taken for solving problems is quite satisfying. In Duravit, we are very happy with NOOR's service level, especially in terms of the links' delay time which is minimal, and the very impressive proactive response we get from NOOR engineers.

Q. NOOR services are varied. Are you planning to deploy other services?
A. Yes, we are planning on adding other branches to our Frame-Relay VPN through NOOR. Moreover, we are considering deploying Internet services and migrating to MPLS VPN.

Q. Do you think NOOR has contributed effectively to Duravit's Business?
A. One of Duravit's business model requirements is placing orders from any Duravit branch. Communication stability is essential for IT services, upon which critical applications like Domino & ERP are based. An unstable connection would negatively affect orders, shipments and enterprise applications. For this reason, stable communication is so important for Duravit. Though we have services from other providers, NOOR was chosen as our main provider.

 

Q. Do you see NOOR’s transparency with customers as an advantage or disadvantage?
A. It is a great advantage. With NOOR, nothing is vague at all. There is no problem tracking trouble tickets, but more importantly I am always fully informed of the problem. In addition I am always given a realistic time frame to solve any problem.

Q. Last May, NOOR presented a big event under the name of Empower. What is your feedback on the event?
A. NOOR Empower was impressive, and during the event I learnt about NOOR's value-added services, which we are thinking of outsourcing now. I am interested in attending future events.

Q. Would you recommend NOOR as a service provider/data carrier?
A. You are number one on my recommendation list.


 
 



More on NOOR services and products? Please visit:


www.noor.net



 
 




 



Customer Relationship Management

Customer Relationship Management (CRM) is a rapidly growing department at NOOR. CRM aims at retaining customer satisfaction, enhancing customer service, protecting customer rights and, above all, assuring service quality. NOOR CRM interacts with customers through multiple channels to track and maintain real-time records of customer interactions and establish a complete view for the customer.

Bringing together information from different data sources within our organization to give one holistic view of each customer in real time, NOOR CRM is essential for gaining a better understanding of customers’ needs. Used in association with data warehousing, data mining, call centers and other intelligence-based applications, CRM allows gathering and accessing information about customers’ preferences, complaints and other data to better anticipate customers’ needs. NOOR CRM is delivering the personalized, informed service on-demand, which customers expect.

CRM benefits include faster response to customer inquiries, with deeper understanding of needs. Meanwhile, CRM receives customer feedback that leads to new and improved services.

NOOR's new CRM website is COMING SOON. Customers will be able to check their trouble tickets online, open new cases and join NOOR's new CRM chat room.

Copyright © 2004 NOOR Group. All Rights Reserved.