Community Server

Knowledge Management and Collaboration Platform
Welcome to Community Server Sign in | Join | Help
in Search

Browse by Tags

All Tags » Security » IIS
Showing page 1 of 2 (14 total posts)
  • Denial of Service attach detailed against IIS 5 / IIS 6 FTP Service

    Kingcope has published an exploit to the Bugtraq mailing list for IIS FTP service running on IIS5, IIS6 and IIS7 (when running FTP v6). Note that IIS 7 running FTP v7 and IIS 7.5 are not affected. Microsoft has an official advisory, and some more details are available on the Secunia blog. My fellow MVPs are not reporting 100% results against ...
    Posted to Ken Schaefer (Weblog) by Ken on September 7, 2009
  • IIS and Kerberos Part 9 - Cross Forest Delegation scenario with UPN suffix routing

    As an extension of the previous article on Cross Forest (or Cross Domain) Kerberos Authentication this article examines how to configure cross forest authentication and delegation when users are accessing an arbitrary website URL. In this scenario we have the same two Forests as in Part 8. Forest A (domainA.local) contains our resource servers ...
    Posted to Ken Schaefer (Weblog) by Ken on February 26, 2009
  • IIS and Kerberos Part 8 - a simple cross Forest/Domain delegation scenario

    In this part we extend, slightly, upon the previous scenario, by adding delegation. Now we need to allow IIS, in our resource Forest (or domain) to delegate the end user’s credentials, to a backend service (SQL Server in this case):The machines this case are:MachineDomainIP ...
    Posted to Ken Schaefer (Weblog) by Ken on June 29, 2008
  • IIS and Kerberos Part 7 - A simple cross Forest scenario

    Note: I have created a list of all the IIS and Kerberos parts  I'm finally getting around to writing this section on IIS and Kerberos. This initial post will cover the basics of a cross-Forest Kerberos authentication scenario. In the next few posts we'll cover more complex situations including delegation and ISA Server ...
    Posted to Ken Schaefer (Weblog) by Ken on May 13, 2008
  • IIS - two security patches this month

    Hi all, There are two security patches out this month for IIS. The first (MS08-005) affects Windows XP x86 (IIS 5.1), Windows XP x64 (IIS 6.0), Windows Server 2003 (IIS 6.0) and Vista RTM (IIS 7.0). Vista SP1 and Windows Server 2008 are not affected. This is a local escalation of privilege vulnerability, and requires that the attacker be ...
    Posted to Ken Schaefer (Weblog) by Ken on February 13, 2008
  • Publishing Operations Manager 2007 Web Console with ISA Server 2006

    Having just deployed a test Operations Manager 2007 server at home, I wanted to publish the Web Console site externally, so I wouldn't have to continually TS into my box at home, and use the regular console. My only problem is that I have a single public IP address, and because I'm only publishing services over HTTPS, I only have a single ...
    Posted to Ken Schaefer (Weblog) by Ken on August 3, 2007
  • IIS and Kerberos Part 5 - Protocol Transition, Constrained Delegation, S4U2S and S4U2P

    Protocol Transition is a new feature in Windows Server 2003. The Kerberos implementation in Windows Active Directory domains provides the robustness of Kerberos whilst also obviating a number of the technical issues with non-Windows Kerberos implementations (platform infrastructure, ticket renewal, ticket proxy). However Kerberos has a downside ...
    Posted to Ken Schaefer (Weblog) by Ken on July 19, 2007
  • Can you install more than one certificate per web site? (IIS 5 / 6)

    I was asked recently by a colleague if a website defined in IIS could have multiple SSL certificates installed, so that the website would answer requests for as well as without generating an error in the user's browser that the website's name didn't match the one in the certificate. The simple ...
    Posted to Ken Schaefer (Weblog) by Ken on May 12, 2007
  • Certificate Services (2000, 2003) Web Enrollment does not work on Vista

    Unfortunately if you have a new Vista PC, and you try to use the web enrollment pages (certsrv) hosted on a Windows Server 2000 Certificate Authority (CA) or a Windows Server 2003 CA, you won't be able to enrol for a certificate (indeed if you're using Windows Server 2003 SP2 you get a message to that effect). If you are in a domain ...
    Posted to Ken Schaefer (Weblog) by Ken on May 2, 2007
  • IIS and Kerberos. Part 4 - A simple delegation scenario

    Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" authentication problems where a user's credentials need to flow through multiple ...
    Posted to Ken Schaefer (Weblog) by Ken on January 28, 2007
1 2 Next >
Powered by Community Server, by Telligent Systems