Thanks to all that have responded.
To narrow down the scope of the question, let's say I removed the option of
installing to D: all together. This isn't to say that I actually *want* it
on C:... I surely DON'T and have wanted the webroot on D: all along!... but
for the sake of argument let's just say that we only have three options:
C:\SomeNewRootFolder
C:\Program Files\Company\Application\WebRoot
C:\Program Files\Company\WebRoot
The reason I'm interested is because my company will be using InstallShield
to create a setup program. Like many setups, one option will be a Custom
install. I'm pushing for them to include a little tidbit in the manual (and
during install) pointing out that a Custom install will allow for a more
secure installation. Part of the Custom install could obviously be to place
the Webroot on a separate drive/partition.
The Typical/Express install, however, will install to the C:.
Unfortunately, it's kind of set in stone and beyond my control. To some
extent we must consider that the user only has one partition anyway. (I
know, I know... server software shouldn't be installed on a mis-configured
server by someone that doesn't know what they're doing. Unfortunately,
however, this too is out of my control and we have to face the reality that
not every one of our clients will have technically proficient
employees/contractors).
Below, Mike points out one reason for placing the webroot outside of the
C:\Program Files\ folder --> It could become too large and annoying to work
from. It's ideas like this that I need to take to our developers...
especially those that could illustrate how an exploit could work differently
in a different folder off C:. Any other input would be greatly appreciated.
Again, I know that there are a number of other things to consider when
hardening an IIS installation (or just WinNT/2K for that matter). On the
boxes I myself deploy, I'll do all the normal stuff such as removing default
virtual directories, sample files, evil script mappings, patching up-to-date
with hotfixes, IPSec packet filtering, steps to secure Windows, etc. I'm
only looking for potential vulnerabilities that will arise based off
placement of the WebRoot on different folders off C:. For example, as
someone else mentioned in a response to my original post, NTFS propagation
would be easier to manage and perhaps more effective if managed from a
lower-level directory. ...And BTW: I won't use the default folder name
C:\InetPub\WWWRoot.
I look forward to hearing more of your responses!
Regards,
Daymon McCartney
-----Original Message-----
From: Mike Joffe [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 06, 2001 2:01 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Location of web root
Daymon,
Paranoia in the wake of Nimda and Code Red is hardly a bad thing, and I'd
look at this question primarily from a security point of view - and if you
were the script kiddie, how would you exploit the machine.
I'd set the root up on the D:\ because this keeps all your web pages with
lots of exciting and exploitable code in them (asp with vb and java script)
away from your system files on your local disk - C:\
If the situation was unavoidable and you had to set the root on your C:\,
you could use option 1 - just ensure you delete the \issamples directory and
any other scripts supplied under the \inetpub folders.
I've never set the root up in in \Program Files folder and probably wouldn't
want to purely from an administrative/house-keeping point of view: your root
will grow in size and complexity and it's often a good idea to have a clean
layout from the root - uncluttered by higher directories. I guess the other
point is that you probably have quite a few .exe files in your \Program
Files directory which could be used malicously if exploited.
Another thing to bear in mind is, in the worse-case scenario and your
machine is infected with something like Nimda, how will you go about
rebuilding your machine ? If the root is on a separate partition, or even a
separate drive you may have a better chance of localising the infection.
The final justification for option 5, is the placement of your ftp
account(s). If a script kiddie compromised your ftp account, but this was
placed on the separate partition, it would be harder to exploit system files
than if the ftp root was on your C:\.
Regards,
Mike
ISP Hosting Engineer
-----Original Message-----
From: Daymon McCartney [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 6:37 AM
To: [EMAIL PROTECTED]
Subject: Location of web root
OK Everyone, I need some help!
I'm trying to articulate the reasons why it's better to place the root of a
website on a separate partition, or at least in a separate directory from
the application which uses IIS as a front-end...
An example
Client/Server Software program installed at C:\Program
Files\company\productname\
WWW Files can be installed to:
1. C:\InetPub\WWWRoot
2. C:\ProductNameWWW
3. C:\Program Files\company\ProductName\ProductWWW
4. C:\Program Files\company\ProductWWW
5. D:\
The website utilizes ADO, OLEDB (via MDAC 2.6 SP1) to connect to a SQL 7
database that is housed on another server. .ASP is the coding of choice
along with some plain HTML. The machines will be patched up-to-date and
plenty of other security measures will be taken!
Personally I believe the safest location would be on D:\ (if there's nothing
else on it). My next choice would be option #2, followed by #4. I don't
like the idea of having the webroot be a subfolder of the actual server
files (option 3), and I sure don't like it in the default
C:\InetPub\WWWRoot. Even though I can remove all the default mappings &
virtual directories from WWWRoot I still don't like the fact that some
scriptkiddie script might rely on the existence of a folder called
C:\Inetpub\WWWRoot.
I know I've read different places in the past some examples of how Option 3
can be exploited. All of the options on C: could be a problem if a
traversial exploit is used. The problem is I'm having problems searching
for this scenario on the common search engines. I'm getting way too many
false hits that don't address the issue at hand.
I *do* understand that there's a lot more to hardening an IIS installation
than the placement of the root folder. This is just one of the first things
that popped into my head at a meeting we had, so I mentioned it.
Unfortunately, everyone thinks I'm crazy and cannot see the impact that the
placement of the root folder may have. What sort of concrete evidence is
out there for me to use to support my case? ...Or am I just being too
paranoid about the placement of the root folder?!?
________________________________________________________________________
This email has been scanned for all viruses by the Star Internet Virus
Screen.
The service is provided in partnership with MessageLabs, the email security
company.
For more information on a higher level of virus protection visit
www.star.net.uk
________________________________________________________________________
________________________________________________________________________
This email has been scanned for all viruses by the Star Internet Virus
Screen.
The service is provided in partnership with MessageLabs, the email security
company.
For more information on a higher level of virus protection visit
www.star.net.uk
________________________________________________________________________
