Both are important.
An IIS box with no patches installed behind the greatest firewall in the
world would still be vulnerable to code red, nimda, unicode and all that
good stuff if port 80 was getting to it. A completely patched server with
no firewall would be
available to be compromised on a
Tcp wrappers are to limit who can connect to a particular service on a
box by IP. I don't know enough to tell you how to disallow that user
telnet access. But I don't think TCP wrappers are the answer since they
are not user aware.
-Original Message-
From: Daniel Pope [mailto:[EMAIL PROTE
These are inherently insecure protocols. There are ways to secure them
but they require both client and servers that support this. So unless
every FTP and web site you goto are setup for this i.e. SSL and your ISP
supports it for your e-mail you are pretty much stuck. The best option
is to practic
The best reason is that directory traversal (unicode) attacks don't
work. This is the method that CR used to put in the "backdoor". It moved
cmd.exe from c:\winnt\system32 to c:\inetpub\wwwroot\scripts and renamed
it to root.exe . This would not be possible if it were on a separate
drive or partit