You are correct in everything you say, though: the default permissions
are completely insufficient to lock down a server which will have
interactive logins (like a terminal server). They are even to loose for
a web server.
--
Henry Sieff
I disagree a bit- he's only correct in saying that the default
permissions are weak. His scenario for an exploit was not correct.
Additionally, .Net is bringing significant changes as far as default
security settings, but that's another topic. ;-)
You are correct in everything you say, though: the default permissions
are completely insufficient to lock down a server which will have
interactive logins (like a terminal server). They are even to loose for
a web server.
--
Henry Sieff
I disagree a bit- he's only correct in saying that the default
permissions are weak. His scenario for an exploit was not correct.
Additionally, .Net is bringing significant changes as far as default
security settings, but that's another topic. ;-)
Laura
[ reply ]