
Software terrorism and IIS

This side of paradise - a Singapore blog

The metamorphosis of frove and the thoughts of a millionaire mind


Terrorism exists in many forms. Computer software is not immune to software terrorism either. Software terrorism involves worms, viruses, trojans, and attacks against software infrastructure accessible to the general public, such as web servers and FTP servers, among others. Terrorism on websites normally involves changing the website's contents, stealing information from it, and using certain known vulnerabilities to execute code of choice, after identifying which particular web server software a website is running. Most attacks on a website involve using the website's known IP address. The basic assumption is that any given website's IP address is static.

In setting up my business website more than a year ago, I anticipated that attempts would be made on my website too. So, one of the innovative techniques I've used is to make my website's IP address non-static. My website's IP address would change from one address to another address if certain conditions were satisfied.

How then would normal users access my website? Normal users access my website using its known URL. Attacks could still be made on my website by using its known URL. However, two additional layers of protection were put up. The first is to use a firewall. There are two kinds of firewalls: software and hardware. In my infrastructure, I've chosen to use a hardware firewall.

Section 10.14 of the HTTP specification, documented in RFC 1945, states that the Server response header contains “information about the software used by the origin server”. It also notes, though, that “Revealing the specific software version of the server may allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Server implementors are encouraged to make this field a configurable option”.

Microsoft has the IIS Lockdown Tool; however, it is not usable for IIS 6. Hence, I developed an ISAPI filter (a web server software add-in) that randomly returns one of 215 known web software configurations in the HTTP Server response header, thus hiding the actual web software used.

Needless to say, these measures are security by obscurity, and there are disadvantages to it. A determined terrorist could still find out the actual software I'm using.
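An added example, not code from this blog or its author: a check to run against your own server's responses that lists every header still naming the server software, following the RFC 1945 product/version syntax for the Server field. The `X-` header names checked and the sample response are assumptions constructed for illustration.

```python
import re

# Headers checked. "server" is the RFC 1945 field; the X- names are non-standard
# headers that IIS/ASP.NET stacks commonly add (an assumption of this example).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")   # product[/version]

def parse_headers(raw):
    """Return lower-cased (name, value) pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return (header, products, exposes_version) for each disclosing header."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING:
            continue
        bare = re.sub(r"\([^)]*\)", " ", value)  # strip "(comment)" parts
        products = [(p, v) for p, v in PRODUCT.findall(bare)]
        exposes = any(v for _, v in products) or bool(re.search(r"\d+\.\d+", bare))
        findings.append((name, products, exposes))
    return findings

# Constructed sample: the Server field has been replaced, other headers have not.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/1.3.27 (Unix)\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 2.0.50727\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    for header, products, exposes in audit(SAMPLE):
        print(f"{header}: {products} version exposed: {exposes}")
```

On the constructed sample, the replaced Server value is reported alongside two headers that contradict it, which is the kind of leftover that a header-only change does not cover.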

  • Hmm... I don't suppose you could share the ISAPI filter with us so we could secure our servers in a similar way? Also, how do you communicate your changed IP address? I ask because I have a similar problem, having a personal webserver and being on broadband with a dynamic IP.

    Daniel
  • You do not leave any contact address, so how do you expect me to put up this software? Publicly?