{"id":141,"date":"2013-01-22T02:00:00","date_gmt":"2013-01-22T02:00:00","guid":{"rendered":"http:\/\/marcbook.local\/wds\/playground\/cybertrust\/2013\/01\/22\/microsofts-free-security-tools-urlscan-security-tool\/"},"modified":"2023-05-15T23:06:26","modified_gmt":"2023-05-16T06:06:26","slug":"microsofts-free-security-tools-urlscan-security-tool","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2013\/01\/22\/microsofts-free-security-tools-urlscan-security-tool\/","title":{"rendered":"Microsoft\u2019s Free Security Tools \u2013 URLScan Security Tool"},"content":{"rendered":"

This article in our free security tools series<\/a> focuses on the benefits of the URLScan Security Tool<\/a>.\u00a0 Attackers often use websites to conduct phishing attacks or distribute malware.\u00a0 According to the Microsoft Security Intelligence Report Volume 13<\/a>, there were 4.4 phishing sites per 1,000 Internet hosts worldwide in the second quarter of 2012 (2Q12) alone.\u00a0 Malicious websites typically appear to be completely legitimate and often provide no outward indicators of their malicious nature, even to experienced computer users. In many cases, these sites are legitimate websites that have been compromised by malware, SQL injection, or other techniques in an effort by attackers to take advantage of the trust users have in them.<\/p>\n

One of the best ways to keep potentially malicious Internet traffic from attacking your Internet Information Services (IIS) Web server is to keep it from getting to the Web server service.\u00a0\u00a0 To help protect users from malicious webpages, Microsoft and other browser vendors have developed filters that keep track of sites that host malware and phishing attacks and display prominent warnings when users try to navigate to them. One tool Microsoft created a few years back to help protect users from malicious webpages is URLScan<\/a>.<\/p>\n

URLScan is a security tool that restricts the types of HTTP requests that IIS will process. URLScan scans incoming URL requests and associated data. It uses a series of rules to determine whether the information in each request is potentially dangerous, or contains information not normally expected.\u00a0 To help you diagnose any potential problems and any attempts to upset your server, URLScan can also log requests\u2014including the offending request data. By blocking specific HTTP requests, the URLScan security tool helps to prevent potentially harmful requests from reaching applications on the server.<\/p>\n

Using this tool allows much greater control over what requests an IIS Web server responds to and helps reduce the systems susceptibility to certain types of known attacks and methods used by viruses, worms, and hackers.\u00a0 While URLScan technologies (such as built in Request Filtering Module) are built in to IIS 7 or newer versions of IIS, it is still a valuable tool for systems that are running IIS 6.0 and below.\u00a0 For reference, below is a list of the operating systems and their default IIS version:<\/p>\n\n\n\n\n\n\n\n\n\n\n
Operating System\u00a0<\/strong><\/td>\nInternet Information Server (IIS) Version\u00a0<\/strong><\/td>\n<\/tr>\n
Windows XP<\/td>\nIIS 5.1<\/td>\n<\/tr>\n
Windows Server 2003<\/td>\nIIS 6.0<\/td>\n<\/tr>\n
Windows Vista<\/td>\nIIS 7.0<\/td>\n<\/tr>\n
Windows Server 2008<\/td>\nIIS 7.0<\/td>\n<\/tr>\n
Windows Server 2008 R2<\/td>\nIIS 7.5<\/td>\n<\/tr>\n
Windows 8<\/td>\nIIS 8.0<\/td>\n<\/tr>\n
Windows Server 2012<\/td>\nIIS 8.0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The filters in URLScan are based upon rules that the administrator configures. Administrators may configure URLScan to reject HTTP requests based on the following criteria:<\/p>\n