By now you've probably read about the Code Red Web server worm and have loaded the fix on your Internet-connected Microsoft IIS servers. Unlike a typical desktop worm, such as Melissa, the Code Red worm spreads from one Web server to another. After infecting a Web server, Code Red temporarily defaces the home page before creating 99 threads that look for other Web servers to infect. However, because Code Red uses an exploit for which a patch has been available for some time, your systems might be safe. If you've practiced proactive security (e.g., reading Microsoft security bulletins and loading recommended hotfixes on your Windows 2000 IIS servers), you were probably already protected from Code Red before its release.
Let's consider an even more important, strategic way to be proactive about security. Because attackers readily exploit bugs in software components, I frequently encourage users to disable or remove all unneeded computer functionality. If a component isn't functional on your computer, you're immune to all exploits based on that vulnerable component. At the OS level, you should disable all unneeded services. (See my series of articles titled "Dangerous Services.") When you install a product such as IIS, however, you need to realize that it consists of many components that typical installations don't need. For example, in addition to HTTP Web services, IIS supports SMTP, FTP, and Network News Transfer Protocol (NNTP). Even IIS's core Web server component includes many optional features that a typical Web site doesn't use, such as Internet Printing and Index Server. Web Server Support for Index Server is the feature that contains the unchecked buffer that the Code Red worm exploits. . . .
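An added example, not part of the original article: one way to audit the Web server component for the optional features named above is to list its script mappings and flag every mapping the site does not use. The ScriptMaps entry format, the handler file names (idq.dll, msw3prt.dll) and the `needed_extensions` allowlist are assumptions of this example, and the sample entries are constructed.

```python
import ntpath

# Handler DLLs behind the two optional features the article names.
# (Supplied for this example; the article does not list file names.)
OPTIONAL_FEATURES = {
    "idq.dll": "Index Server support",
    "msw3prt.dll": "Internet Printing",
}

# Constructed sample in the IIS 5 ScriptMaps format:
#   extension,handler path,flags[,verb,verb,...]
SAMPLE_SCRIPTMAPS = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".ida,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST",
    r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
]


def parse_mapping(entry):
    """Split one ScriptMaps entry into (extension, handler file name)."""
    fields = [f.strip() for f in entry.split(",")]
    if len(fields) < 3 or not fields[0].startswith("."):
        raise ValueError(f"malformed script mapping: {entry!r}")
    # Windows names are case-insensitive, so normalise before comparing.
    return fields[0].lower(), ntpath.basename(fields[1]).lower()


def unneeded_mappings(entries, needed_extensions):
    """Return (extension, handler, feature) for every mapping the site does not use."""
    needed = {ext.lower() for ext in needed_extensions}
    findings = []
    for entry in entries:
        ext, handler = parse_mapping(entry)
        if ext not in needed:
            feature = OPTIONAL_FEATURES.get(handler, "other handler")
            findings.append((ext, handler, feature))
    return findings


if __name__ == "__main__":
    # Assumption: this site serves only static pages and ASP.
    for ext, handler, feature in unneeded_mappings(SAMPLE_SCRIPTMAPS, {".asp"}):
        print(f"remove {ext:<9} -> {handler:<12} ({feature})")
```

Every mapping reported is a handler that accepts requests even though the site never uses it; removing the mapping takes that code out of the request path.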