Carrell Jackson, the Web developer for Alexander Rocco Corporation, has informed you that Microsoft IIS 6.0 is used for the company’s Web site. He’s proud of the direction the Web site is taking and says it has more than 1000 hits per week. Customers can reserve hotel rooms, schedule tee times for golf courses, and make reservations at any of the facility’s many restaurants. Customers can enter their credit card information and receive confirmations via e-mail. Based on this information, write a memo to Mr. Jackson listing any technical cybersecurity alerts or known vulnerabilities of IIS 6.0. If you find vulnerabilities, your memo should include recommendations and be written in a way that doesn’t generate fear or uncertainty but encourages prudent decision making.

Solution

When attacking Web sites, script kiddies go for an easy kill. They look for common activities. Here is a list of some of the top vulnerabilities found in Web sites running on Microsoft's Internet Information Server (IIS). Some of the vulnerabilities, such as open ports, are not particular to IIS. Both CERT and CIAC are exceptional sources on the latest vulnerabilities that are affecting Web sites. Make sure your network and systems are not vulnerable to attackers by keeping your patches up to date. Microsoft Baseline Security Analyzer is a Microsoft security tool that checks for hotfixes and scans networks for vulnerable points. You may also want to consider upgrading your IIS installation to IIS 6.0, which offers greatly increased security over previous versions. I explained how to protect a Web site from these and other vulnerabilities.

Some of the known vulnerabilities in IIS 6.0 are given below.

Default installs of operating system and applications: Many users fail to realize what an installation program really installs on their machine. Windows and IIS both install superfluous services and dangerous samples.
The unpatched services, sample programs and code provide a means for attacking a Web site.

Accounts with weak or nonexistent passwords: IIS 6.0 uses several built-in or default accounts. Attackers usually look for these accounts. They should be identified and changed if not removed from the system.

Large number of open ports: Every visitor, good or bad, connects to a site and system via an open port. By default, Windows and IIS ship with more ports open than are required to function properly. It is important to keep the minimum number of ports open on a system. Close all other ports.

Unicode vulnerability (Web Server Folder Traversal): By sending an IIS server a carefully crafted URL containing an invalid Unicode sequence, an attacker can easily bypass the normal IIS security checks and force the server to literally "walk up and out" of a directory and execute arbitrary scripts.

Microsoft Server Message Block (SMB) vulnerability: The Server Message Block protocol is used by Windows to share files and printers and to communicate between computers. A hac.
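
For the Unicode folder traversal item above, a log check a defender could run, added here as an example and not part of the original solution: it decodes each request path once, rejects byte sequences that are not strictly valid UTF-8, and only then looks for ".." segments. The log layout, addresses and paths are constructed sample data, and the field names are assumed to follow the W3C extended format with the path logged in its still-encoded form.

```python
import re
from urllib.parse import unquote_to_bytes

def classify_path(raw_path):
    """Classify a still-encoded request path: 'ok', 'invalid-encoding' or 'traversal'."""
    data = unquote_to_bytes(raw_path)        # decode %XX escapes exactly once
    try:
        text = data.decode("utf-8")          # strict: overlong or malformed bytes raise
    except UnicodeDecodeError:
        return "invalid-encoding"
    # Look for parent-directory segments only after decoding, and treat
    # both "/" and "\" as separators, as Windows does.
    if ".." in re.split(r"[/\\]", text):
        return "traversal"
    return "ok"

# Constructed sample log (documentation-range addresses, placeholder file names).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 09:00:01 192.0.2.10 GET /reservations/rooms.asp 200
2024-01-10 09:00:05 198.51.100.7 GET /scripts/..%c0%af../placeholder.txt 404
2024-01-10 09:00:09 198.51.100.7 GET /images/%2e%2e/%2e%2e/placeholder.txt 404
2024-01-10 09:00:12 192.0.2.44 GET /golf/tee%20times.asp 200
"""

def scan_log(text):
    """Return (client_ip, path, verdict) for every request that is not 'ok'."""
    fields, findings = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        verdict = classify_path(row["cs-uri-stem"])
        if verdict != "ok":
            findings.append((row["c-ip"], row["cs-uri-stem"], verdict))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same order of operations (decode once, validate strictly, then check the path) is what a request filter in front of the server should apply before any access decision is made.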