DISA IIS 7 Web Server Auditing

bubblesradiographerΔιακομιστές

4 Δεκ 2013 (πριν από 3 χρόνια και 8 μήνες)

94 εμφανίσεις

SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
TENABLE NETWORK SECURITY
DISA IIS 7 Web
Server Auditing
March 15, 2012 at 11:57pm CDT
Dave Breslin [disaiis7]
Confidential: The following report contains confidential information. Do not distribute, email, fax,
or transfer via any electronic mechanism unless it has been approved by the recipient company's
security policy. All copies and backups of this document should be saved on protected storage at all
times. Do not share any of the information contained within this report with anyone unless they are
authorized to view the information. Violating any of the previous instructions is grounds for termination.
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Table of Contents
Tenable Network Security
i
Table of Contents
Configuration Audit Summary..............................................................................................1
Web Server Plugins and Patch Audit Summary..............................................2
Configuration Audit Details - Fails and Couldn't Execute....................3
10.0.0.14......................................................................................................................................................................3
10.0.0.15......................................................................................................................................................................4
10.0.0.16......................................................................................................................................................................5
Web Server Plugin Details - Info Severity Level Excluded..................6
10.0.0.14......................................................................................................................................................................6
10.0.0.15......................................................................................................................................................................7
10.0.0.16......................................................................................................................................................................8
Patch Audit Details - All Microsoft Bulletins.......................................................9
10.0.0.14......................................................................................................................................................................9
10.0.0.15....................................................................................................................................................................10
10.0.0.16....................................................................................................................................................................11
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Configuration Audit Summary
Tenable Network Security
1
Configuration Audit Summary
Compliance Checks. Info = Pass, Medium = Couldn't Execute, High = Fail
IP Address
NetBIOS Name
Info
Med.
High
10.0.0.16
ITSDEPT/W3
29
0
2
10.0.0.15
ITSDEPT/W2
29
0
2
10.0.0.14
ITSDEPT/W1
29
1
1
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Web Server Plugins and Patch Audit Summary
Tenable Network Security
2
Web Server Plugins and Patch
Audit Summary
Web Server Plugins. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
IP Address
NetBIOS Name
Info
Low
Med.
High
Crit.
10.0.0.16
ITSDEPT/W3
6
0
2
0
0
10.0.0.15
ITSDEPT/W2
6
0
2
0
0
10.0.0.14
ITSDEPT/W1
6
0
2
0
0
Microsoft Bulletins. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
IP Address
NetBIOS Name
Info
Low
Med.
High
Crit.
10.0.0.16
ITSDEPT/W3
0
0
0
2
0
10.0.0.15
ITSDEPT/W2
0
0
0
1
0
10.0.0.14
ITSDEPT/W1
0
0
0
3
0
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Configuration Audit Details - Fails and Couldn't Execute
Tenable Network Security
3
Configuration Audit Details -
Fails and Couldn't Execute
10.0.0.14
NetBIOS Name: ITSDEPT/W1
Last Scan: Mar 15, 2012 @ 11:28PM
Configuration Audit Details. Medium = Couldn't Execute, High = Fail
Severity
Plugin Name
High
WA000-WI100 - The File System Object (FSO)
component will be disabled. - 'HKEY_CLASSES_ROOT
\Scripting.FileSystemObject' Check
Medium
WA000-WI080 - The use of Internet Printing Protocol (IPP) will
be disabled on the IIS web server. - Internet Printing Role Check
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Configuration Audit Details - Fails and Couldn't Execute
Tenable Network Security
4
10.0.0.15
NetBIOS Name: ITSDEPT/W2
Last Scan: Mar 15, 2012 @ 11:28PM
Configuration Audit Details. Medium = Couldn't Execute, High = Fail
Severity
Plugin Name
High
WG220 - Access to web administration tools will be restricted to
the web manager and the web manager's designess.
High
WG195 - Anonymous access accounts will be restricted
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Configuration Audit Details - Fails and Couldn't Execute
Tenable Network Security
5
10.0.0.16
NetBIOS Name: ITSDEPT/W3
Last Scan: Mar 15, 2012 @ 11:28PM
Configuration Audit Details. Medium = Couldn't Execute, High = Fail
Severity
Plugin Name
High
WG385 - All web server documentation, sample code, example
applications, and tutorials will be removed from a production
web server - 'AdminScripts'
High
WG220 - Access to web administration tools will be restricted to
the web manager and the web manager's designess.
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Web Server Plugin Details - Info Severity Level Excluded
Tenable Network Security
6
Web Server Plugin Details - Info
Severity Level Excluded
10.0.0.14
NetBIOS Name: ITSDEPT/W1
Last Scan: Mar 15, 2012 @ 11:28PM
Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
80
No
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
443
No
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Web Server Plugin Details - Info Severity Level Excluded
Tenable Network Security
7
10.0.0.15
NetBIOS Name: ITSDEPT/W2
Last Scan: Mar 15, 2012 @ 11:28PM
Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
80
No
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
443
No
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Web Server Plugin Details - Info Severity Level Excluded
Tenable Network Security
8
10.0.0.16
NetBIOS Name: ITSDEPT/W3
Last Scan: Mar 15, 2012 @ 11:28PM
Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
80
No
Plugin
Plugin Name
Severity
Port
Exploit?
24244
Microsoft .NET Custom
Errors Not Set
Medium
443
No
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Patch Audit Details - All Microsoft Bulletins
Tenable Network Security
9
Patch Audit Details - All
Microsoft Bulletins
10.0.0.14
NetBIOS Name: ITSDEPT/W1
Last Scan: Mar 15, 2012 @ 11:28PM
Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Severity
Plugin Name
56451
High
MS11-077: Vulnerabilities in Windows
Kernel-Mode Drivers Could Allow Remote
Code Execution (2567053)
56452
High
MS11-078: Vulnerability in .NET
Framework and Microsoft Silverlight Could
Allow Remote Code Execution (2604930)
56455
High
MS11-081: Critical Cumulative Security
Update for Internet Explorer (2586448)
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Patch Audit Details - All Microsoft Bulletins
Tenable Network Security
10
10.0.0.15
NetBIOS Name: ITSDEPT/W2
Last Scan: Mar 15, 2012 @ 11:28PM
Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Severity
Plugin Name
56455
High
MS11-081: Critical Cumulative Security
Update for Internet Explorer (2586448)
DISA IIS 7 Web Server Auditing
SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
Patch Audit Details - All Microsoft Bulletins
Tenable Network Security
11
10.0.0.16
NetBIOS Name: ITSDEPT/W3
Last Scan: Mar 15, 2012 @ 11:28PM
Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10
Plugin
Severity
Plugin Name
56452
High
MS11-078: Vulnerability in .NET
Framework and Microsoft Silverlight Could
Allow Remote Code Execution (2604930)
56455
High
MS11-081: Critical Cumulative Security
Update for Internet Explorer (2586448)