Securing old web server IIS6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Securing old web server IIS6

L0 Member

Hello,

 

We are solving a case of an IIS6.1 vulnerability on an old Windows 2008 R2 SP1 system. Microsoft no longer has support for Windows update. The customer cannot migrate to the newer system yet.
Would Cortex XDR be able to secure IIS v6.1 web server vulnerabilities?

 

Thanks!

4 REPLIES 4

L3 Networker

@Fido Practically I think you should take defense in depth approach here and not just rely on Cortex XDR.

 

> Ring fence server i.e. make sure you lock it down into its own network.

> Monitor logons and expose what is required to the internet if a public facing internet.

> Enable IPS system for network traffic. (Test first by enabling IDS before IPS)

 

Apart from above, you should be able to get prevention on post exploitation activity with Cortex for un-known threats and as well for known threat.

Example: A command interpreter process such as cmd.exe or powershell.exe spawn from w3wp.exe

You can also create your own detection which can help you detect threats related to your environment.

 

What version of Cortex XDR are you looking to install?

Kind Regards
KS

Hi @Fido 

I agree with what @KanwarSingh01  suggests. 

You could develop some use cases and implement them through your own correlation rules, BIOCs, .... You could even ingest logs from your  IIS6.1 with Cortex XDR Collectors or Filebeat, parse them on XDR and from there you can be creative on what are your defensive goals (from which threats do you want to protect your web server) 

 

KR, 

Luis 

L0 Member

Thanks guys for the feedback.
@KanwarSingh01  We want to install Cortex XDR 7.7

You should be good here.

Kind Regards
KS
  • 2169 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!