After conducting preliminary security testing on the Alexander Rocco Corporation network, you have identified that the company has seven Web servers. One is a Windows 2003 Server system running IIS 6.0. Curt Cavanaugh, the Webmaster and network administrator, says the Web server is used only by sales personnel as a front-end to update inventory data on an Oracle database server. He says this procedure needs to be done remotely, and it’s convenient for sales personnel to use a Web browser when out of the office.
Question
a. Based on this information, write a one-page report on any possible vulnerabilities in the current configuration of the company’s Web server. Use the tools and techniques you have learned to search for possible vulnerabilities of IIS 6.0. Your report should include any recommendations that might increase Web security.
