|
Focus on Microsoft
Windows 2003 Server - MS Rulez? May 23 2003 10:02PM Street (streetseeker mail ru) (2 replies) Re: Windows 2003 Server - MS Rulez? May 24 2003 02:02AM Jimi Thompson (jimit myrealbox com) (1 replies) RE: Windows 2003 Server - MS Rulez? May 24 2003 07:46PM Laura A. Robinson (larobins bellatlantic net) |
|
|
Privacy Statement |
You can restrict by path (usually you would actually be *un*restricting by
path when your default policy is a disallow), you can restrict by Internet
zone, you can restrict by hash, and you can restrict by code signing.
There's quite a bit more to it than I've listed here, but you may want to
start here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt
echn
ol/winxppro/maintain/RstrPlcy.asp
And as far as whether or not there is a way around the hash, absolutely
there is. Bring another version of the software to the machine. Its hash
will be different. That's why hash rules would be better for *allowing*
software under a disallow by default policy as opposed to *disallowing*
under an allow by default policy.
Laura
> -----Original Message-----
> From: Street [mailto:streetseeker (at) mail (dot) ru [email concealed]]
> Sent: Friday, May 23, 2003 6:02 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Windows 2003 Server - MS Rulez?
>
>
> Hello list. Today I have attended to official presentation of
> Microsoft Windows 2003 Server. And the representatives of
> Microsoft gave to my organisation an evaluation version of
> 2003 Server. That thing looks very secure, i.e. known methods
> of attack did not gave a damn thing. Also I learned an
> interesting feature - prohibition of launch of any program is
> not made by its exe name - it makes a hash from the body of
> program and politics are applied using this hash. I wonder
> whether this method is secure and if there are any ways to defeat it.
>
> Any thoughts? Thank you in advance.
>
> --
> Best regards,
> Street mailto:streetseeker (at) mail (dot) ru [email concealed]
>
>
> --------------------------------------------------------------
> ---------------
> *** Wireless LAN Policies for Security & Management - NEW
> White Paper *** Just like wired networks, wireless LANs
> require network security policies that are enforced to
> protect WLANs from known vulnerabilities and threats.
> Learn to design, implement and enforce WLAN security policies
> to lockdown enterprise WLANs.
>
> To get your FREE white paper visit us at:
> http://www.securityfocus.com/AirDefense-focus-ms
> --------------------------------------------------------------
> ----------------
>
------------------------------------------------------------------------
-----
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-focus-ms
------------------------------------------------------------------------
------
[ reply ]