Solved

IIS supports anonymous access, Basic, and Windows NT Challenge/Response (NTLM) authentication. The authentication mechanism in IIS could reveal the type of authentication in use to a remote attacker

Posted on 2009-04-03
16
383 Views
Last Modified: 2012-05-06
Microsoft Internet Information Server (IIS) supports anonymous access, Basic, and Windows NT Challenge/Response (NTLM) authentication. The authentication mechanism in IIS could reveal the type of authentication in use to a remote attacker. A remote attacker can send a specially-crafted GET request to verify the authentication type in use, depending on the error message returned by the host.-How to remove these kind of Vulnerabilities from IIS
0
Comment
Question by:Brijeshk9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24066104
Have you tried the IIS lockdown wizard?

You can't remove the GET request that asks for the authentication type.  That is required for the browser to submit authentication.  If you turn it off, only anonymous authentication will work.

You are better off using firewalls or monitoring software that detect malicious activity.
0
 

Author Comment

by:Brijeshk9
ID: 24071436
ok, what will be the better solution on it...!
0
 

Author Comment

by:Brijeshk9
ID: 24083927
Please help me to get the solution for IIS 5/6 & for Apache running on unix...
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24083975
If you want information on protecting web servers using firewalls or monitoring then I'd recommend you ask another more specific question in those sections.
0
 

Author Comment

by:Brijeshk9
ID: 24083986
I want to remove this kind of Website Vulnerabilities..?
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24084021
Once again, use the IIS Lockdown Wizard and even the Microsoft Baseline Security Analyzer.  There isn't a simple 'Click this' 'click that' answer for this.  People have careers specializing in locking down web applications.  I can't relay all that knowledge here.

http://www.iis.net/downloads/default.aspx?CategoryName=Microsoft&CategoryID=96&sort=modifieddate&direction=ascending&tabid=35&start=0&g=6
0
 

Author Comment

by:Brijeshk9
ID: 24084048
hmm, I have installed both the tool on my server, let me try to give my best on it...
Thanks for the suggestion
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24084105
They are excellent tools.  However, they won't protect your server from badly written code.
0
 

Author Comment

by:Brijeshk9
ID: 24084550
i have installed the iis lockdown with urlscan 2.5 on my Server Win 2k(IIS5) and is there any more configuration required on it. to get the web server more secure from this kind of Vulnerabilities.
Thanks in advance..!
0
 

Author Comment

by:Brijeshk9
ID: 24094144
below is the evidence for the problem i am facing.

Basic auth

GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Basic cTFraTk6ZDA5a2xt

No response from server
Try manually



NTLM auth

GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAAAA=

No response from server
Try manually
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24104877
Why do you think that is a problem?  Is authentication failing?
0
 

Author Comment

by:Brijeshk9
ID: 24104928
ok, then what to do with this failure have installed IIS lockdown tool on my server, will  there any more configuration required..?
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24135078
Sorry I didn't make my comment clear.  I see nothing wrong with the 'problem' you described in http:#2409144  That is normal by design handshaking by a web server.
0
 

Author Comment

by:Brijeshk9
ID: 24138417
I tried to get more on iis lockdown tool to get my iis more secure can you give some more idea about iis lockdown tool....?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 500 total points
ID: 24143163
Simply run it and respond to it's comments.  It will validate your server using the latest recommendations from Microsoft and provide recommendations about how to lock your server down.  The Baseline Security Analyzer will also highlight issues.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31566352
will do more research on it
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question