
RE: [FW1] Code Red: What security specialist don't mention in warnings




Hi to all....

>>Patching IIS,

>>Dropping all outgoing packets from IIS Servers in the DMZ,

>>Using any alternative Web Server to IIS...

These are all good solutions....


But lemme ask you something:

Why don't you use CP FW's security server? (Checking with resource...)

For example, if Code Red is the case,

Why don't you put a rule above all the http-related rules, such as:

Source    Dest.    Service                 Action
Any       Any      http->with resource     Drop

And the http->with resource service will be defined as a New Resource ---- URI;

URI:

Connection Methods:Transparent, Proxy (perhaps not so nec. but doesn't give any headache at least...)
Schemes: http (only this will be enough..)
Methods: all (so as to guarantee...)
Host:*
Path:{*/default.ida?*}
Query:*

Save everything, and install....

It should be noted that since mostly *.ida is useless, this rule presumably shouldn't harm any Web-Server-based applications...
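
Added example (not part of the original post and not FireWall-1 code): a Python check that applies the post's Path pattern to web server access log lines, to list the requests such a rule is aimed at. The log format, the sample lines and the reading of `?` as a literal character are assumptions.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import unquote

# The post's Path pattern, with '?' written as a literal for fnmatch
# (assumption: the rule means a literal '?' before the query string).
RULE_PATTERN = "*/default.ida[?]*"

# Request part of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def normalise(target):
    """Decode percent-escapes in the path and lowercase it; keep the query as-is."""
    path, sep, query = target.partition("?")
    return unquote(path).lower() + sep + query


def matching_requests(log_lines, pattern=RULE_PATTERN):
    """Return (source_ip, target) for each log line whose request matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed line or no HTTP request in it
        if fnmatchcase(normalise(m.group("target")), pattern):
            hits.append((line.split()[0], m.group("target")))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder query strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2001:10:00:01 +0000] "GET /default.ida?sample HTTP/1.0" 404 0',
    '198.51.100.7 - - [01/Aug/2001:10:00:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [01/Aug/2001:10:00:03 +0000] "GET /scripts/Default.IDA?sample HTTP/1.0" 404 0',
    '198.51.100.9 - - [01/Aug/2001:10:00:04 +0000] "GET /default.ida HTTP/1.0" 404 0',
    '198.51.100.9 - - [01/Aug/2001:10:00:05 +0000] "GET /docs/default.idaho.html?x=1 HTTP/1.0" 200 88',
]

if __name__ == "__main__":
    for ip, target in matching_requests(SAMPLE_LOG):
        print(ip, target)
```

Running the same check over existing logs before installing the rule shows whether any legitimate application requests would be dropped by it.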




 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.