Re: Having Security Problems with IIS

Michel Thiffault ( thiffault.michel@uqam.ca )
Sat, 26 Jul 1997 10:21:08 -0400

Is the account you are using at home defined with the same user id and
password as your administrative account on the server? If so, you
log on with the same privileges, even without accessing the domain.

Michel

Joseph Covey wrote:
>
> To be more specific, I am using NT 4.0 Workstation at home dialing into the
> Internet the same as all my customers. When I open the Internet Service
> Manager in the Microsoft Peer Web Services, I can connect to the IIS on my
> NT 4.0 Server at work without it asking for any logon or password and then
> I can actually configure and change any settings. I seem to remember trying
> this at one time but it would never connect or ask for logon. I am
> concerned that anyone running NT with IIS or MS Peer Web Services can
> connect to my IIS machine and change the configuration.
>
> Where does my NT workstation get the rights or permissions to be able to
> connect to the NT Server IIS through a TCP/IP connection over the Internet?
> The Workstation is set not to logon to domain. It is a member of
> Workgroup. When I connect to the Internet it is through a terminal server
> with radius. Where am I logging on to the NT server?
>
> Thanks,
>
> Joe Covey
> Netsites Internet Communications
>
> ----------
> > From: Eric Fagan <mailserve@pdqnet.net>
> > To: ntisp@emerald.iea.com
> > Subject: Re: Having Security Problems with IIS
> > Date: Saturday, July 26, 1997 12:40 AM
> >
> > > From: Joseph Covey <fatcat@netsites.net>
> > > Subject: Having Security Problems with IIS
> > >
> > > Can anyone tell me why I am able to connect to my NT 4.0 Server in the
> > > Internet Service Manager from my NT 4.0 Workstation that is on a dial-up
> > > PPP account the same as the rest of my dial-up customers. If just anyone
> >
> > What do you mean that you're connecting to NT "in the Internet Service
> > Manager"? ISM is an exe that runs on the server controlling IIS services.
> > Are you talking about web administration? You may have the workstation set
> > to logon to the domain - the account you are using is also probably the
> > admin one. Using an admin account, you'll be able to access many system
> > resources that a regular user can't simply because MSIE 3.0 will
> > automatically authenticate you when you try to access them. Use Netscape
> > to try to access those resources - it cannot do auto-network-authentication
> > like Internet Explorer. If Netscape can see whatever
> > resource you believe is protected (without asking for a password), everyone
> > can. (Netscape is always a good source to use if you want to check if
> > certain pages are *really* protected).
> >
> > Eric
> > mailserve@pdqnet.net
> >
> > ----------------------------------------------------------
> > NTISP Mailing List listserver@emerald.iea.com
> >
>

--
Michel Thiffault
Coordinator, JURiS project (http://www.juris.uqam.ca/), GRID
Lecturer, Departement des sciences juridiques, UQAM
(514) 987-3000 6656# (fax 514 987-6548)
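
The check Eric describes in the quoted reply, using a client that never sends logon credentials on its own, can also be scripted. The following is an added example, not part of the original thread: it covers HTTP resources only, the function names are hypothetical, and the sample responses are constructed.

```python
import http.client

# Schemes a Windows browser may answer silently with the logged-on account.
AUTO_SCHEMES = {"ntlm", "negotiate"}

# Constructed sample responses (not captured from any real server).
SAMPLE_OPEN = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
SAMPLE_NTLM = (b"HTTP/1.0 401 Access Denied\r\n"
               b"WWW-Authenticate: NTLM\r\n"
               b'WWW-Authenticate: Basic realm="example"\r\n\r\n')

def parse_raw(raw):
    """Return (status, [WWW-Authenticate values]) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    auth = [l.split(":", 1)[1].strip() for l in lines[1:]
            if l.lower().startswith("www-authenticate:")]
    return status, auth

def classify(status, www_authenticate):
    """Judge a response that was obtained WITHOUT sending any credentials."""
    schemes = sorted({v.split()[0].lower() for v in www_authenticate if v.strip()})
    if 200 <= status < 300:
        verdict = "open"        # served to anyone, no logon needed
    elif status == 401:
        verdict = "protected"   # server demands credentials
    elif status == 403:
        verdict = "denied"
    else:
        verdict = "other"
    silent = verdict == "protected" and bool(AUTO_SCHEMES & set(schemes))
    return {"verdict": verdict, "schemes": schemes, "silent_logon_possible": silent}

def probe(host, path="/", port=80, timeout=10):
    """Fetch path with no credentials and classify the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    finally:
        conn.close()

if __name__ == "__main__":
    for name, raw in (("open", SAMPLE_OPEN), ("ntlm", SAMPLE_NTLM)):
        print(name, classify(*parse_raw(raw)))
```

A verdict of "open" means the resource is served to any client; "protected" with `silent_logon_possible` set means a browser that authenticates automatically may get in without ever showing a prompt.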