DurocShark
Lifer
2 years ago I set up a little IIS server for our help desk intranet. All it does is serve html and PHP pages and a couple little SQL databases. Used by like 100 people at its highest, 20 people now.
It is completely internal, and has no connection outside the corporate network. For someone from the outside to get to it they would need:
Penetrate the network
Use an account with one specific group for IT people
What can they do? There was one local account created on the box for communication with another application's database. That account has nothing connecting it outside of this one box but is instead a method for the application to dump data on this box so we don't have to allow access as a file server.
Anyway, we are preparing for an audit and got zinged on:
The above mentioned local account
Running IIS Admin as a service
Having SMTP and FTP services running though they weren't being used (Ok, I can see those)
Virtual directories.
Seriously, WTF harm can be done with the above? I have next to zero knowledge of network security since the 90's and some of this stuff just seems over-analyzing to me.
It's not a big deal to change those things. We can create an AD account to replace the local one and serve the same function. The IIS Admin website isn't much used, only for convenience. The virtual directories will be a small pain, but doable. Turning off SMTP and FTP is a no-brainer.
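An added check (not part of the original post) that enumerates the four audit findings on the box itself, so each can be documented or fixed before the auditor returns. It assumes PowerShell 5 or later with the WebAdministration module (IIS 7+), and the standard Windows service names; the account name 'svc_appdump' is a placeholder for whatever the local account is actually called.

```powershell
# Added example: inventory the items the audit flagged on an IIS box.
# Assumptions: PowerShell 5+, WebAdministration module present, standard service names.
param([switch]$Remediate)   # run without -Remediate to only report

# 1) IIS Admin, SMTP and FTP services (IIS 6 name MSFTPSVC, IIS 7+ name FTPSVC)
$flagged = 'IISADMIN', 'SMTPSVC', 'MSFTPSVC', 'FTPSVC'
$present = Get-Service -ErrorAction SilentlyContinue | Where-Object { $flagged -contains $_.Name }
$present | Select-Object Name, Status, StartType | Format-Table -AutoSize

# 2) Enabled local accounts beyond the built-ins; 'svc_appdump' is a placeholder name
$builtIn = 'Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount'
Get-LocalUser |
    Where-Object { $_.Enabled -and ($builtIn -notcontains $_.Name) } |
    Select-Object Name, PasswordLastSet, LastLogon, PasswordNeverExpires |
    Format-Table -AutoSize

# 3) Virtual directories with their physical paths and any 'Everyone'/'Users' write ACEs
Import-Module WebAdministration
foreach ($site in Get-Website) {
    foreach ($vdir in Get-WebVirtualDirectory -Site $site.Name) {
        $phys = [Environment]::ExpandEnvironmentVariables($vdir.physicalPath)
        $loose = @()
        if (Test-Path $phys) {
            $loose = (Get-Acl $phys).Access | Where-Object {
                $_.IdentityReference -match 'Everyone|\\Users$' -and
                $_.FileSystemRights -match 'Write|Modify|FullControl'
            }
        }
        [pscustomobject]@{
            Site         = $site.Name
            VirtualPath  = $vdir.path
            PhysicalPath = $phys
            LooseAces    = $loose.Count
        }
    }
}

# 4) The no-brainer fix: stop and disable the unused mail/FTP services
if ($Remediate) {
    foreach ($svc in $present | Where-Object { $_.Name -in 'SMTPSVC', 'MSFTPSVC', 'FTPSVC' }) {
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc.Name -StartupType Disabled
        "Disabled $($svc.Name)"
    }
}
```

Run it once without -Remediate to capture the "before" state for the audit file, then with -Remediate for the SMTP/FTP item; the local account and IIS Admin changes described in the post are done separately.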