INetU Managed Hosting

Posts Tagged ‘Windows’

How Windows System Resource Manager Can Help You Get the Most Out of Your System

December 23rd, 2009 by Andrew H.

Have you ever experienced resource contention on your server? If you have, a Windows feature called Windows System Resource Manager (WSRM) might help minimize the impact of those situations. WSRM allows you to control how CPU and memory resources are allocated to applications, Terminal Services users, and IIS application pools when those resources are scarce.

CPU limits in WSRM kick in when CPU utilization exceeds 70%. Instead of limiting CPU usage, Windows ensures that processes receive at least the amount of processing power specified. You can think of it as a sort of QoS for processors. While being able to set process priority is a feature many people are aware of, it does not provide the level of granularity that many environments require. WSRM allows for different resource policies in different situations. For example, different policies might apply on the weekend than during the workday to allow your server’s priorities to match the priorities of the business.

In a Terminal Services environment, one user could potentially use all of the available processing power, causing other user sessions to become extremely slow. With WSRM, it is possible to guarantee a user a certain amount of processing power or divide it equally among users—all without wasting available resources. IIS application pools can be managed the same way, allowing administrators to prioritize websites similarly to applications.

Whether you have a misbehaving process you need to rein in, a power user slowing down a terminal server for other users, or just need a better way to manage your server’s resources, WSRM could be the tool that keeps your critical applications running smoothly.

Combating SQL Injection Attacks

December 16th, 2009 by Jason C.

What is URLScan? URLScan is a free tool provided by Microsoft that restricts certain kinds of HTTP requests that IIS will process. Though there are many different uses of URLScan, today I will only be covering SQL Injection blocking.

SQL Injections occur when attackers enter malformed SQL statements into data input fields. The attacker can modify or retrieve data from your database and, in some cases, they can even access data stored in your filesystem outside of SQL Server. If you find that you’re a victim of SQL Injection attacks and you’re not equipped to make all of the necessary changes to your application (or if these changes could take a long time to implement), then URLScan may be a good fit for you until you can fix the root cause of the attack.

As of this writing, URLScan 3.1 is the latest edition and can be downloaded from Microsoft. A URLScan ISAPI filter is configured for all websites on your server after performing a default installation of URLScan. This ISAPI filter intercepts requests to IIS and applies the security rules defined in the URLScan.ini file to them.

The blocking of SQL injection attacks is handled by the DenyQueryStringSequences security rule. The rule matches IIS requests against a list of character sequences that you provide. If the request matches certain character sequences specified in the security rule, then the request is dropped, logged in the URLScan logs, and a 404 status is returned. You can configure URLScan to only log requests that match your defined character sequences instead of blocking them. I would recommend starting off with the logging-only mode so you can determine whether or not valid traffic may be blocked. If valid traffic is being blocked, you’ll need to modify the character sequences you are choosing to block.
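The log-first review described above can be rehearsed offline before a deny list goes live. The following is an added example, not code or configuration from the original post: the deny list, the sample requests and the function names are constructed for illustration, and the rule is modelled (as an assumption) as a case-insensitive substring match over the raw and URL-decoded query string.

```python
from urllib.parse import urlsplit, unquote

# Constructed deny list for illustration; not the list from the original post.
DENY_SEQUENCES = ["--", ";", "/*", "exec", "select", "drop", "update", "declare"]

def matched_sequences(url, unescape=True):
    """Return the deny sequences found in the query string of `url`.

    Assumption: matching is modelled as a case-insensitive substring search
    over the raw query string and, optionally, its URL-decoded form.
    """
    query = urlsplit(url).query.lower()
    candidates = {query}
    if unescape:
        candidates.add(unquote(query))
    return [s for s in DENY_SEQUENCES if any(s in c for c in candidates)]

def log_only_review(traffic):
    """Simulate logging-only mode: nothing is blocked, hits are recorded.

    `traffic` is a list of (url, known_good) pairs. Returns the hits and the
    set of sequences that matched requests known to be legitimate.
    """
    hits, false_positive_seqs = [], set()
    for url, known_good in traffic:
        seqs = matched_sequences(url)
        if seqs:
            hits.append((url, seqs))
            if known_good:
                false_positive_seqs.update(seqs)
    return hits, false_positive_seqs

# Constructed sample requests: (URL, is it known-good application traffic?)
SAMPLE_TRAFFIC = [
    ("/products.aspx?id=42", True),
    ("/news.aspx?title=Executive+summary", True),
    ("/search.aspx?q=select+committee+update", True),
    ("/item.aspx?id=1%3Bdrop%20table%20orders--", False),
]

if __name__ == "__main__":
    hits, noisy = log_only_review(SAMPLE_TRAFFIC)
    for url, seqs in hits:
        print(f"would block {url}: {seqs}")
    print("sequences hitting valid traffic:", sorted(noisy))
```

Sequences that land in the second result are the ones to narrow or drop before switching from logging to blocking, since short keywords also match inside ordinary words such as "Executive".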

Below is a configured DenyQueryStringSequences security rule. I have added some of the most common SQL commands used in SQL Injection attacks:


Open Source Software – A Free Puppy?

November 25th, 2009 by Andy B.

Two weeks ago while attending LISA (the Large Installation System Administration conference), I heard many times that open source software is the way to go; after all, “you can’t beat free”. During one of the classes, someone from a university IT department pointed out that open source software is “free like a free puppy”. To the bemusement of the attendees, he explained his point. A free puppy still comes with costs – training, shots, food, etc.

Most IT decision makers understand that “free” software really isn’t free, so what factors go into the decision to use open source software over something proprietary?

Numerous surveys have been done to try to determine why someone would choose open source software. Surprisingly, few people rank cost as the number one reason (this figure varies, but is often around one in five). Although the software comes with no initial upfront fee, it still needs to be supported and maintained. Factors like staff training can add significantly to the cost of supporting a platform, as can the need to develop management tools that integrate into the infrastructure. Vendors, like Red Hat, offer training programs and certifications to help companies find staff with the necessary skills. Red Hat also offers tools to help manage an enterprise built on their flavor of Linux, along with their own technical support. None of these options are free, even though the core operating system is open source.

That said, one area where lower costs can be seen is in scalability. Once you have the staff at your disposal, you can rapidly scale out an open source platform without additional license fees (assuming you go with a truly free OS). Proprietary software (such as Windows) comes with a per-instance cost that grows with your server population. This is also true for a “supported” open source OS like Red Hat.


©1996-2010 INetU Inc, All rights reserved.