Archive for July, 2008

IIS Web Security: Kudos to Microsoft

Defending Web servers and applications against attacks is one of the most difficult tasks that information security professionals and others face. The fact that Web server locations are normally well advertised, that Web servers and applications are often very complex, and also that many automated ways of attacking frequently used Web services and protocols exist only exacerbates this already difficult task.

Not too many years ago a particular Web server, the Internet Information Services (IIS) Web server, stood out as a particularly easy target to attack. According to attrition.org seven years ago, 21 percent of the web servers on the Internet were IIS Web servers, yet over 60 percent of all reported web page defacements and break-ins into Web servers involved IIS Web servers. Among the many vulnerabilities in IIS implementations at that time was the fact that IIS ran with SYSTEM privileges, the highest level of privileges in Windows systems. Read more…

Categories: Network Security

Lost and Stolen Laptops: An Embarrassing Case Study

I recently read a news item that stated that Ponemon Institute survey results show that nearly 640,000 laptop computers are lost at airports every year. Two thirds of the lost laptops are never returned to their owners. Worse yet, slightly more than half of the lost laptops held confidential data, and only 42 percent of the lost laptops have been backed up.

With respect to lost laptops, I stand among the guilty. About five years ago I had a flight from San Francisco to Chicago. The flight, originally scheduled for early one Sunday afternoon, kept getting delayed to the point that it was finally rescheduled to leave well after dinner time, something that more or less made it a “red eye” flight. I left the airport to have dinner at a nearby restaurant, and after coming back I had to go through airport security once again. Read more…

Categories: Network Security