Active Defense for web server – Part 1

Took a while, but I think I finally got something “new” worth sharing.

Again as with most things I do, this really isn’t anything new, but is really a mash up of other people’s ideas.

The purpose of this series is to do a little offensive defense of a web server (mostly focused on Microsoft).

We will start with some background: setting up IIS and logging, using ipsec as a firewall in Windows 2003, using command line commands to manage a firewall in Windows 2008 and mining logs with Logparser.

With that knowledge we will be able to set up a script to implement a very simple “web application firewall”.

We will conclude the series with a look at URLscan, a better version of the script and a Linux version of the “web application firewall”.

Stay tuned…