Vulnerabilities on IIS 7.0 & Computer Security Terms

The Microsoft IIS (Internet Information Services) 7.0 web server has a few vulnerabilities, which are caused by:
1. Sadmin Worm / IIS
It gains root access on Sun Solaris UNIX systems through Sun Solaris vulnerabilities. The worm's effect is to deface IIS-based websites.

2. Conficker
Early IIS versions, before version 6.0 and version 7.0, had a lot of vulnerabilities; the most famous example is the Code Red worm. Nowadays, IIS 6.0 and IIS 7.0 have the same problem. IIS 7.0 is divided into parts, or modules, so that only the needed components are installed. URL filtering is the most powerful feature of the latest IIS version. It refuses malicious URLs based on the user's rules.

Conficker proves the weakness of IIS 7.0 by successfully exploiting "Server Service Could Allow Remote Code Execution" (958644) through NetBIOS. A hacker can run arbitrary code without any authentication. A lot of platforms can be hacked, such as Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, and Microsoft Windows Server 2008.

Some terms in computer security. The first one explained here is the port. There are two types of ports: hardware ports and software ports. Hardware ports include the USB port, audio port, PS/2, parallel port (an old computer interface), VGA port, etc. Software ports are TCP and UDP ports; these are used to exchange information among computers on the internet. In programming, assembly instructions (IN, INS, OUT, OUTS) are used to program hardware ports.

SuperScan is one of the useful port scanners, but the process takes more time. This inefficient technique can set off the alarm on even the most secure computer security system. It locates hosts. The computer's ports, the number of scanned ports, and the bandwidth rate determine how long the scan takes.

As an ethical hacker, scanning all ports with different tools will give various results. Hacking tools are not all equally good. We can use scanner tools like SuperScan and Nmap. SuperScan is for TCP and Nmap is for UDP.
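The alarm mentioned above usually comes from a simple rule: one source touching many different ports on one host in a short time. The following is an added example, not part of the original post, that applies such a rule to a constructed firewall log; the log format, addresses, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Split 'ISO-time src dst dst-port proto' into typed fields."""
    ts, src, dst, port, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), proto

def detect_scans(lines, window=timedelta(seconds=60), threshold=15):
    """Return {(src, dst): time of first alert} for every source that touched
    at least `threshold` distinct ports on one host within `window`.
    Assumes the log lines are in time order."""
    recent = defaultdict(deque)          # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in lines:
        ts, src, dst, port, _ = parse(line)
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        if (src, dst) not in alerts and len({p for _, p in q}) >= threshold:
            alerts[(src, dst)] = ts
    return alerts

# Constructed sample log (documentation addresses, not real traffic).
BASE = datetime(2024, 1, 1, 10, 0, 0)
HOST = "198.51.100.5"

def _line(sec, src, port):
    return f"{(BASE + timedelta(seconds=sec)).isoformat()} {src} {HOST} {port} TCP"

SAMPLE = sorted(
    [_line(i * 5, "192.0.2.10", 80 if i % 2 else 443) for i in range(20)]  # ordinary web client
    + [_line(i, "203.0.113.7", 20 + i) for i in range(30)]                  # 30 ports in 30 seconds
    + [_line(i * 120, "203.0.113.9", 1000 + i) for i in range(30)]          # 30 ports over an hour
)

if __name__ == "__main__":
    for label, win in (("60 s window", timedelta(seconds=60)),
                       ("1 h window", timedelta(hours=1))):
        for (src, dst), when in detect_scans(SAMPLE, window=win).items():
            print(f"{label}: {src} -> {dst} flagged at {when.time()}")
```

The ordinary client never trips the rule because it only ever uses two ports. A monitoring rule with only a short window sees the fast sweep but not the hour-long one, so defenders typically keep a second, longer window as well.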

Additional terms are IP (Internet Protocol), web server, database server, Native Database APIs, ODBC (Open Database Connectivity), JDBC (Java Database Connectivity), and proxy.

If you want to know more, just download the full e-book here. It can be used as your reference book; its content is for educational purposes only.
