At 08:36 AM 9/3/2001 -0700, Mark Bergeron wrote:
>Let me also add, unlike *nix, you may run scripts from virtually any folder
>you see fit on Win (within wwwroot for the web of course). Everything is
>really governed by the permissions and etc... you set on the folder
>itself. In some cases it makes sense to name the cgi folder something less
>obvious like, wordfiles, oldapps or the like. Be creative. This way should
>the casual hacker break in you stand a chance of he/she skipping the
>directory. At the very least, someone sniffing your transfers might not
>suspect you're moving them into an executable dir. Just a thought.
>
>MB'
I don't fully understand this advice. If the casual hacker has "broken in",
then it seems that they already have power equal to or greater than what they
would be able to gain through hacking a scripts directory.
As for sniffing file transfers. I suppose that is a valid issue, although
it seems to me that someone sniffing an FTP session would sooner be able to
get your plaintext password and be able to search around themselves. Even
if the directory in this case was renamed, the script itself is not. So
something like formmail.pl would still be formmail.pl even if it is in an
oddly named directory.
I am not saying there is no case for it at all. But it doesn't seem that
strong for the annoyance of dealing with an obfuscation in your own
setup. I think a human reading the directories would be able to figure out
where things are.
However, I also think that script kiddies are certainly something to watch
out for if you are afraid you might miss a Microsoft security patch one
day. One thing to consider then is that renaming the scripts directory may
prevent an automated hacking script from putting something in the default
c:\inetpub\scripts directory. So perhaps if this directory were renamed to
something that is not obfuscated to make it hard to manage, but still
different (eg maybe call it scriptstuff) then the automated scriptkiddie
script will be thwarted.
This is similar in concept to the idea of renaming root (which seemed to be
advocated at SANS even several years back, don't know if it still is) just
to prevent some scripted attacks from being able to log on as root. But
they didn't precisely advocate renaming root to something that is
obfuscated -- just renamed enough to fool the scripts of that day.
Anyway, I'd like to hear more evidence of how strong renaming the scripts
directory really is against attacks as I could be wrong in my assumptions.
Thanks,
Gunther
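As an added illustration of the point Gunther raises (not code from the list or from either poster), the script below simulates both sides of the argument: a canned probe list that only knows the default IIS /scripts path misses once the directory is renamed, but the renamed directory is still exposed by any HTML form whose action points at the script, so a scanner that reads the site's own pages finds formmail.pl anyway. The directory name "scriptstuff" is taken from the message; the HTML page, the directory layouts and the probe list are constructed for the example and are assumptions, not observed data.

```python
"""Does renaming the IIS scripts directory stop an attacker finding formmail.pl?

Added example, not from the mailing-list thread. All inputs below are
constructed: the two directory layouts, the probe list and the HTML page.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed server layouts: {virtual directory: {script names it contains}}.
DEFAULT_LAYOUT = {"/scripts": {"formmail.pl"}}        # stock c:\inetpub\scripts
RENAMED_LAYOUT = {"/scriptstuff": {"formmail.pl"}}    # renamed as suggested in the post

# Constructed probe list of the kind an automated script would carry:
# it only knows well-known default locations, not this site's names.
SCRIPTED_PROBES = ["/scripts/formmail.pl", "/cgi-bin/formmail.pl"]

# Constructed page served by the site: every form that uses the script
# has to tell the browser where it lives, so the rename leaks here.
SAMPLE_HTML = """<html><body>
<form method="post" action="/scriptstuff/formmail.pl">
<input name="email"><input type="submit">
</form>
</body></html>"""


class FormActionExtractor(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            for name, value in attrs:
                if name == "action" and value:
                    self.actions.append(value)


def script_dirs_from_html(html):
    """Return the directories that form actions on the page point into."""
    parser = FormActionExtractor()
    parser.feed(html)
    dirs = set()
    for action in parser.actions:
        path = urlsplit(action).path
        if "/" in path.strip("/"):            # has a directory component
            dirs.add(path.rsplit("/", 1)[0])
    return sorted(dirs)


def simulate_probes(probes, layout):
    """Answer each probe the way the web server would: 200 if the script
    exists in that directory, otherwise 404. Returns [(path, status), ...]."""
    results = []
    for probe in probes:
        directory, _, name = probe.rpartition("/")
        status = 200 if name in layout.get(directory, set()) else 404
        results.append((probe, status))
    return results


def hits(results):
    """Paths that answered 200."""
    return [path for path, status in results if status == 200]


def informed_probes(html, script_name="formmail.pl"):
    """Probe list built by reading the site's own forms instead of guessing."""
    return [d + "/" + script_name for d in script_dirs_from_html(html)]


if __name__ == "__main__":
    print("default layout, scripted probes:",
          hits(simulate_probes(SCRIPTED_PROBES, DEFAULT_LAYOUT)))
    print("renamed layout, scripted probes:",
          hits(simulate_probes(SCRIPTED_PROBES, RENAMED_LAYOUT)))
    print("renamed layout, probes read from HTML:",
          hits(simulate_probes(informed_probes(SAMPLE_HTML), RENAMED_LAYOUT)))
```

The first two runs show the effect Gunther expects from a rename: the canned probe finds /scripts/formmail.pl on the stock layout and nothing on the renamed one. The third run shows the limit of it: one page fetch recovers the renamed directory from the form action, which is what "the script itself is not renamed" amounts to in practice.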