Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.
IIS supports anonymous access, Basic, and Windows NT Challenge/Response (NTLM) authentication. The authentication mechanism in IIS could reveal the type of authentication in use to a remote attacker
Microsoft Internet Information Server (IIS) supports anonymous access, Basic, and Windows NT Challenge/Response (NTLM) authentication. The authentication mechanism in IIS could reveal the type of authentication in use to a remote attacker. A remote attacker can send a specially-crafted GET request to verify the authentication type in use, depending on the error message returned by the host.-How to remove these kind of Vulnerabilities from IIS
Who is Participating?
LVL 51
Simply run it and respond to it's comments. It will validate your server using the latest recommendations from Microsoft and provide recommendations about how to lock your server down. The Baseline Security Analyzer will also highlight issues.
Have you tried the IIS lockdown wizard?
You can't remove the GET request that asks for the authentication type. That is required for the browser to submit authentication. If you turn it off, only anonymous authentication will work.
You are better off using firewalls or monitoring software that detect malicious activity.
You can't remove the GET request that asks for the authentication type. That is required for the browser to submit authentication. If you turn it off, only anonymous authentication will work.
You are better off using firewalls or monitoring software that detect malicious activity.
If you want information on protecting web servers using firewalls or monitoring then I'd recommend you ask another more specific question in those sections.
Once again, use the IIS Lockdown Wizard and even the Microsoft Baseline Security Analyzer. There isn't a simple 'Click this' 'click that' answer for this. People have careers specializing in locking down web applications. I can't relay all that knowledge here.
http://www.iis.net/downloads/default.aspx?CategoryName=Microsoft&CategoryID=96&sort=modifieddate&direction=ascending&tabid=35&start=0&g=6
http://www.iis.net/downloads/default.aspx?CategoryName=Microsoft&CategoryID=96&sort=modifieddate&direction=ascending&tabid=35&start=0&g=6
hmm, I have installed both the tool on my server, let me try to give my best on it...
Thanks for the suggestion
Thanks for the suggestion
i have installed the iis lockdown with urlscan 2.5 on my Server Win 2k(IIS5) and is there any more configuration required on it. to get the web server more secure from this kind of Vulnerabilities.
Thanks in advance..!
Thanks in advance..!
below is the evidence for the problem i am facing.
Basic auth
GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Basic cTFraTk6ZDA5a2xt
No response from server
Try manually
NTLM auth
GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAA
No response from server
Try manually
Basic auth
GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Basic cTFraTk6ZDA5a2xt
No response from server
Try manually
NTLM auth
GET / HTTP/1.1
Host: 192.168.1.15
Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAA
No response from server
Try manually
ok, then what to do with this failure have installed IIS lockdown tool on my server, will there any more configuration required..?
Sorry I didn't make my comment clear. I see nothing wrong with the 'problem' you described in http:#2409144 That is normal by design handshaking by a web server.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
