Tim Mullen, 2003-04-27
With Windows Server 2003, Microsoft has finally produced an operating system that isn't begging to be hacked on the first boot.
Colapse all |
Post comment
Secure by Default - READ BEFORE YOU POST.
2003-04-28
Anonymous (2 replies)
Anonymous (2 replies)
To all *nix users: please post comments based on FACTS.
None of you have ever used W2K3 so don't pretend you have and that you are an expert on its inner and outer workings. Do not post irrelevant or false comments (i.e. see "lies").
This is a preemptive notification for what is sure to be "oh...
[ more ] [ reply ]
None of you have ever used W2K3 so don't pretend you have and that you are an expert on its inner and outer workings. Do not post irrelevant or false comments (i.e. see "lies").
This is a preemptive notification for what is sure to be "oh...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-04-28
Anonymous (1 replies)
Anonymous (1 replies)
>None of you have ever used W2K3 so don't >pretend you have and that you are an expert on >its inner and outer workings. Do not post >irrelevant or false comments (i.e. see "lies").
I label myself as a Unix user. I have used W2k3. I'm actually attempting to hack it up right now. It's better than...
[ more ] [ reply ]
I label myself as a Unix user. I have used W2k3. I'm actually attempting to hack it up right now. It's better than...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-04-29
Anonymous (2 replies)
Anonymous (2 replies)
You have?
Ok, tell me then, what primary method would you use to secure an Active Directory environment with multiple forests? What foreign security principals would you create? What IPSec policies would you use to secure the services at the protocol layer? What type of Exchange public store rest...
[ more ] [ reply ]
Ok, tell me then, what primary method would you use to secure an Active Directory environment with multiple forests? What foreign security principals would you create? What IPSec policies would you use to secure the services at the protocol layer? What type of Exchange public store rest...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-04-30
Anonymous (2 replies)
Anonymous (2 replies)
=======================================
Ok, tell me then, what primary method would you use to secure an Active Directory environment with multiple forests? What foreign security principals would you create? What IPSec policies would you use to secure the services at the protocol layer? What type o...
[ more ] [ reply ]
Ok, tell me then, what primary method would you use to secure an Active Directory environment with multiple forests? What foreign security principals would you create? What IPSec policies would you use to secure the services at the protocol layer? What type o...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-05-01
Anonymous (3 replies)
Anonymous (3 replies)
Uhm, actually, I am a network administrator for a company of 150 users (Toronto) and 58 (Montreal) and I have never seen an MCSE study book in my life. There goes that bit of nonsense. Now, the things I listed above are the basic requirements for setting up a secure Windows 2000/3 AD environment, an...
[ more ] [ reply ]
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-05-02
Anonymous
Anonymous
=================================
Uhm, actually, I am a network administrator for a company of 150 users (Toronto) and 58 (Montreal) and I have never seen an MCSE study book in my life.
=================================
Most of my experience is on Wall Street, and financial houses have quite ...
[ more ] [ reply ]
Uhm, actually, I am a network administrator for a company of 150 users (Toronto) and 58 (Montreal) and I have never seen an MCSE study book in my life.
=================================
Most of my experience is on Wall Street, and financial houses have quite ...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-05-02
Penguinisto (1 replies)
Penguinisto (1 replies)
"Think about it, that would be like me installing a base copy of SuSE 8.0 on my desktop, farting around the security options in YaST2 and not really knowing anything about the underlying OS."
Sort of like what Tim Mullen did in this very article, in describing RedHat, yes?
Incidentally, (as re...
[ more ] [ reply ]
Sort of like what Tim Mullen did in this very article, in describing RedHat, yes?
Incidentally, (as re...
[ more ] [ reply ]
Secure by Default - Learn something (before you reply again).
2003-05-06
Anonymous (1 replies)
Anonymous (1 replies)
"2) IPSec encrypts packets (mostly for VPN nets*), and does not "secure services" (else that nasty ol' Messenger Service spam would've been dealt with a long time ago by simply using IPSec instead of registry hacks, eh?) I'm also curious about this new and mysterious "protocol layer" you mention as ...
[ more ] [ reply ]
[ more ] [ reply ]
Oh puh-leeze - you have to resort to sematics games?
2003-05-08
Penguinisto
Penguinisto
"LMFAO, uhm yes IPSec DOES secure services, this shows how clueless you are."
Oh, do name the MS services that are "secured" by IPSec... (you do know what Microsoft calls services, right? Hint: It's in an MMC snap-in. But please - constinue to cower behind this silly semantics game of yours and s...
[ more ] [ reply ]
Oh, do name the MS services that are "secured" by IPSec... (you do know what Microsoft calls services, right? Hint: It's in an MMC snap-in. But please - constinue to cower behind this silly semantics game of yours and s...
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-05-03
Anonymous
Anonymous
Sure, you can rattle down a list of strange-sounding things you have to do to a Windows machine to make it secure. So what? Any Unix geek (or VMS fanatic, or OS/390 hand, or...) can rattle down a similar list leaving you wondering what they are talking about. Good for you (and your company) you kn...
[ more ] [ reply ]
[ more ] [ reply ]
Secure by Default - READ BEFORE YOU POST.
2003-05-06
Anonymous
Anonymous
"But to rattle off the first 10 questions you saw on your MCSE exam you took yesterday, and pass that off on why W2K(3) is great is flat out laughable."
I have no idea what you guys are talking about but I do no one thing, one of you guys condemned the other for making an ad hominem attack and fo...
[ more ] [ reply ]
I have no idea what you guys are talking about but I do no one thing, one of you guys condemned the other for making an ad hominem attack and fo...
[ more ] [ reply ]
Secure by Default, Insecure by Birth
2003-04-28
Drek Software Inc. (2 replies)
Drek Software Inc. (2 replies)
What? Say 60 days from release into the public domain and we'll have our first major vulnerability reported. Probabaly less. The problem is illustrated by the author of this article. That is the vendor's equal inability to accept the fact that they simply cannot make secure products. It cannot by do...
[ more ] [ reply ]
[ more ] [ reply ]
Secure by Default, Insecure by Birth
2003-05-03
Anonymous (2 replies)
Anonymous (2 replies)
Ahhh ... just another ABM'er I see. Judge first, examine facts only if forced to do so.
So ... let's examine a couple of facts.
Red Hat 9 -- How many vulnerabilities in the first week alone? Two the first day, eight in the first week. In the first six weeks? Well, sixteen so far.
...
[ more ] [ reply ]
So ... let's examine a couple of facts.
Red Hat 9 -- How many vulnerabilities in the first week alone? Two the first day, eight in the first week. In the first six weeks? Well, sixteen so far.
...
[ more ] [ reply ]
Secure by Default, Insecure by Birth
2003-05-05
Anonymous
Anonymous
I've been responsible for the security of Solaris and Linux servers to the tune of about 2100 server-years, and you're overlooking (or ignoring) some very major issues, the biggest of which are stack protection and software design.
Our mailserver here is to be replaced in a few weeks, but in the ...
[ more ] [ reply ]
Our mailserver here is to be replaced in a few weeks, but in the ...
[ more ] [ reply ]
Secure by Default
2003-04-28
xenophi1e <oliver.lavery@sympatico.ca> (1 replies)
xenophi1e <oliver.lavery@sympatico.ca> (1 replies)
This article may be vaguely interesting for the one fact it contains, but the reasoning it demonstrates is quite deeply flawed.
Mr. Mullen is arguing from the premise that "Everything-on by default causes a system to be insecure". He then proceeds to argue that simply because the antecedent is no...
[ more ] [ reply ]
Mr. Mullen is arguing from the premise that "Everything-on by default causes a system to be insecure". He then proceeds to argue that simply because the antecedent is no...
[ more ] [ reply ]
It's partly real, but partly a PR thing
2003-04-30
Anonymous
Anonymous
It does help, but it's partly a PR thing. Look at OpenBSD. They claim "no security holes in the default install since (insert date here)." But no one runs a default install of OpenBSD, because a default install is useless. What matters is how secure the OS is once it's had useful services turned...
[ more ] [ reply ]
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-28
Penguinisto (4 replies)
Penguinisto (4 replies)
...you got a serious knack for emulating certain media types who nearly 100 years ago claimed a certain luxury liner was, how shall we put this... "unsinkable."
Haven't used Win2k3, don't much feel any particular need to - though the MSDNAA beta has been sitting idle on my desk for quite awhile n...
[ more ] [ reply ]
Haven't used Win2k3, don't much feel any particular need to - though the MSDNAA beta has been sitting idle on my desk for quite awhile n...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-28
Anonymous (6 replies)
Anonymous (6 replies)
-------------------------------------
Come to think of it, the guy who said 60 days may be on to something. Anyone care to set up a betting pool? I'm a bit mroe optimistic, so I call dibs on, oh, "95 days" :)
-------------------------------------
Funny, Microsoft.com has been running on .NET f...
[ more ] [ reply ]
Come to think of it, the guy who said 60 days may be on to something. Anyone care to set up a betting pool? I'm a bit mroe optimistic, so I call dibs on, oh, "95 days" :)
-------------------------------------
Funny, Microsoft.com has been running on .NET f...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
Anonymous (2 replies)
Anonymous (2 replies)
Uhm, even if W2K3 did end up having a big security hole in IIS or something that wouldn't make it a insecure OS - just like a bug in sendmail or BIND or Apache doesn't make Linux an insecure OS (although, open sorce is a menace to security imo). If a bad admin in the NSA configures his mail server a...
[ more ] [ reply ]
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
Penguinisto (1 replies)
Penguinisto (1 replies)
"Uhm, even if W2K3 did end up having a big security hole in IIS or something that wouldn't make it a insecure OS"
Err, didn't BillG say back in the Anti-trust trial that things like IIS and IE were integral parts of the OS and simply couldn't be removed for fear of crippling the OS?
Man, it's...
[ more ] [ reply ]
Err, didn't BillG say back in the Anti-trust trial that things like IIS and IE were integral parts of the OS and simply couldn't be removed for fear of crippling the OS?
Man, it's...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-05-03
Anonymous (1 replies)
Anonymous (1 replies)
No, it was just IE. Please, stop rewriting history ... it just makes you look stupid.
And spoken just like a true Penguinista:
Ignoring inconvenient facts (15 vulns in RedHat 9 in 1 month! Zero so far in Win2K3!)
Making up new facts (IIS is an integral part of Windows ... it doesn't even com...
[ more ] [ reply ]
And spoken just like a true Penguinista:
Ignoring inconvenient facts (15 vulns in RedHat 9 in 1 month! Zero so far in Win2K3!)
Making up new facts (IIS is an integral part of Windows ... it doesn't even com...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-05-05
Penguinisto
Penguinisto
XP Home/Pro/Etc came out after Microsoft was found Guilty (but don't let that nasty little fact get in your way ;).)
"Ignoring inconvenient facts"
YM the facts like parts of RH 9 have been out for much, much longer than a month? Or that unlike Win2k3, RH 9 is actually being used?
Also, vul...
[ more ] [ reply ]
"Ignoring inconvenient facts"
YM the facts like parts of RH 9 have been out for much, much longer than a month? Or that unlike Win2k3, RH 9 is actually being used?
Also, vul...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
Anonymous
Anonymous
Doubt it, OpenSource software such as apache will never be toppled, no matter what.. oh, then there is our faithful domain name root servers all happily running opensource software, hmm, mail? nothing will topple the usage of Opensource mail servers. my point is, M$ will never be opensource, the int...
[ more ] [ reply ]
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
xenophi1e <oliver.lavery@sympatico.ca>
xenophi1e <oliver.lavery@sympatico.ca>
Uh, wait a second.
What exactly are you trying to say here?
One site running .NET server is hardly going to attract a lot of scrutiny from vuln hunters or h4x0rs. Even if it is microsoft.com.
While your numbers are correct, .NET server is currently only serving 30,000 hostnames according t...
[ more ] [ reply ]
What exactly are you trying to say here?
One site running .NET server is hardly going to attract a lot of scrutiny from vuln hunters or h4x0rs. Even if it is microsoft.com.
While your numbers are correct, .NET server is currently only serving 30,000 hostnames according t...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
Anonymous
Anonymous
Please... there is NO SUCH THING as a totally secure OS. As the saying goes in InfoSec, "The only secure computer is one powered off, unplugged, and in a locked room." But that simply isn't practical.
This article wasn't about saying .Net was completely secure, it was saying that it's more secure...
[ more ] [ reply ]
This article wasn't about saying .Net was completely secure, it was saying that it's more secure...
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-29
Anonymous (2 replies)
Anonymous (2 replies)
>> I'm willing to wager that a lot of MCSEs will load everything on their shiny new installs, 'just in case' they need 'em <<
I am willing to wager that a lot of MCSEs will load everything on their shiny new installs because 6-months prior to that moment they had never touched a computer before....
[ more ] [ reply ]
I am willing to wager that a lot of MCSEs will load everything on their shiny new installs because 6-months prior to that moment they had never touched a computer before....
[ more ] [ reply ]
Zealotry comes in all forms.
2003-04-29
matt@beatlab.org (2 replies)
matt@beatlab.org (2 replies)
Amen. If i had a nickel for every clueless MCSE I've met - I'd retire. (Not to discount them all, obviously, blanket statements never work)
It's funny how I constantly see '*NIX Zealots' referred to.. yet, I bet the majority of those refering to us as "zealots" slapped some lame Linux distribution ...
[ more ] [ reply ]
It's funny how I constantly see '*NIX Zealots' referred to.. yet, I bet the majority of those refering to us as "zealots" slapped some lame Linux distribution ...
[ more ] [ reply ]
Zealotry comes in all forms.
2003-04-29
blacklight (1 replies)
blacklight (1 replies)
The CCNA exam covers only a small subset of TCP/IP: it deliberately ignores all application layer protocols including critical protocols such as ftp, smtp, www, icmp, snmp, etc. Of course, protocols such as dhcp, ldap, dns are not covered in the CCNA exam either. I nevertheless think that the CCNA i...
[ more ] [ reply ]
[ more ] [ reply ]
Zealotry comes in all forms.
2003-05-06
Noran Rad
Noran Rad
Finally a point i can agree with ... btw .. if anonymous just touched a *nix or *bsd distro it shows, with knowledge comes understanding, u do not understand..here lesson 1.... http://www.theregister.co.uk/content/35/30550.html . i suggest you learn first...boasting is for people who know something ...
[ more ] [ reply ]
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-04-30
Anonymous (1 replies)
Anonymous (1 replies)
You are such a moron! You start off with "Haven't used Win2k3 but..." What makes you think you have an opinion about anything when you have not even looked at it? You are nothing but another Linux troll who knows nothing about Windows but pretends to. ...
[ more ] [ reply ]
[ more ] [ reply ]
Well, I'll give you this much, Timster...
2003-05-03
Anonymous
Anonymous
Well, I'll give you this Pengunista ...
I think Red Hat 9 has set a new world's record!
For the most vulnerabilities reported in the first month of release! It's a whopping FIFTEEN. In 1 month! That's a new vulnerability every two days! Wow! They must've really tried hard for that. Ho...
[ more ] [ reply ]
I think Red Hat 9 has set a new world's record!
For the most vulnerabilities reported in the first month of release! It's a whopping FIFTEEN. In 1 month! That's a new vulnerability every two days! Wow! They must've really tried hard for that. Ho...
[ more ] [ reply ]
Secure by Default
2003-04-29
blacklight
blacklight
I haven't tried MS Windows 2003, but I do grant that this change in the startup configuration is a significant improvement over the preceding products. A service that is not run is a service that cannot be attacked.
I will point out that our cracker friends have not yet put Windows 2003 through i...
[ more ] [ reply ]
I will point out that our cracker friends have not yet put Windows 2003 through i...
[ more ] [ reply ]
Secure by Default (Pathetic)
2003-04-29
Anonymous (3 replies)
Anonymous (3 replies)
That's cute. You even have microsoft people posting here. The article starts with making excuses as to why windows is completely unsecure out of the box by talking about how ms wanted to please people by loading the most popular programs first. Oh, I hear tears falling in redmon because they feel t...
[ more ] [ reply ]
[ more ] [ reply ]
Secure by Default (Pathetic)
2003-04-30
Th. Klein
Th. Klein
"Look, we know ms isn't secure. And hey, we thank you, that's what keeps us employed. If the whole world ran on Unix boxes, the information security industry would have never come about."
You are joking, Mr. or Mrs. Anonymous, aren't you? If you make such unprofessional assertions, why not under ...
[ more ] [ reply ]
You are joking, Mr. or Mrs. Anonymous, aren't you? If you make such unprofessional assertions, why not under ...
[ more ] [ reply ]
Opinionated by Default (Pathetic)
2003-04-30
Bruce
Bruce
Oh grow up!
Realize that not all of your MS admins are from the last 6 months. Many of us are command line/keyboard junkies. Many of us cut our teeth on other systems - Novell in my shop.
You sound like the 5th graders I had to deal with when I took my son on his last field trip.
There are ...
[ more ] [ reply ]
Realize that not all of your MS admins are from the last 6 months. Many of us are command line/keyboard junkies. Many of us cut our teeth on other systems - Novell in my shop.
You sound like the 5th graders I had to deal with when I took my son on his last field trip.
There are ...
[ more ] [ reply ]
Secure by Default (Pathetic)
2003-05-02
blacklight (2 replies)
blacklight (2 replies)
"Look, we know ms isn't secure. And hey, we thank you, that's what keeps us employed."
No NOS product is secure in absolute terms. In relative terms, Windows 2003 "looks" to be more secure then Windows 2000 - I say "looks" because it hasn't been cracker tested yet -. In turn, Windows is clearly m...
[ more ] [ reply ]
No NOS product is secure in absolute terms. In relative terms, Windows 2003 "looks" to be more secure then Windows 2000 - I say "looks" because it hasn't been cracker tested yet -. In turn, Windows is clearly m...
[ more ] [ reply ]
Secure by Default
2003-04-29
Anonymous (1 replies)
Anonymous (1 replies)
A secure network is built from more than just the OS that is running on it. Any admin who hasn't learned that lesson yet isn't going to be able to build a secure enviroment no matter what OS he runs.
Admins who rely on and and look only at an OS to secure their networks, rather than relying on ...
[ more ] [ reply ]
Admins who rely on and and look only at an OS to secure their networks, rather than relying on ...
[ more ] [ reply ]
Secure by Default
2003-04-29
Doug Sibley (3 replies)
Doug Sibley (3 replies)
Come now, if an OS/application is insecure and there is no reported vuln, how is an admin supposed to protect his/her system from those who need to use said OS/application?
Yes, we can build in another layer for those who don't need to use that OS/application but for those who do (esp. for public...
[ more ] [ reply ]
Yes, we can build in another layer for those who don't need to use that OS/application but for those who do (esp. for public...
[ more ] [ reply ]
Secure by Default
2003-04-30
Anonymous
Anonymous
Network security is the concern of those who run their network. It's not the responsiblity of Microsoft or Red hat or Cisco. They can help by posting patches and finding "holes" for their products as soon as possible. But they can't protect your network or computers for you.
Frankly, If I hire...
[ more ] [ reply ]
Frankly, If I hire...
[ more ] [ reply ]
Secure by Default
2003-04-29
Anonymous (1 replies)
Anonymous (1 replies)
>That's cute. You even have microsoft people posting here.
hehehe...I was almost expecting the Microsoft Buddy to chime in..."and don't forget to plug your computer in otherwise our new OS won't work!!! [<- 3 exclamation marks to illustrate AOL enthusiasim]"...
[ more ] [ reply ]
hehehe...I was almost expecting the Microsoft Buddy to chime in..."and don't forget to plug your computer in otherwise our new OS won't work!!! [<- 3 exclamation marks to illustrate AOL enthusiasim]"...
[ more ] [ reply ]
Secure by Default
2003-05-01
Anonymous
Anonymous
nah, he understands that most people reading a windows article would be windows users with a clue. If he thought it were a unix group I'm sure he would have posted a beginners guide to using your computer (i.e. don't just plug it in and turn it on, also connect the peripheral devices such as keyboar...
[ more ] [ reply ]
[ more ] [ reply ]
Hrm
2003-04-30
DC0 (1 replies)
DC0 (1 replies)
Well we always seem to get what i dub the ZDNET fights... And the classic OS war. Any who, security isnt soley based on the OS. I would hope most have at least a firewall blocking the majority of the ports except maybe SMTP(port 25 for those who need 2 know) for mail servers, and HTTP (port 80) for ...
[ more ] [ reply ]
[ more ] [ reply ]
Where can I find the companion texts you cited?
2003-05-02
Jim Barrett (1 replies)
Jim Barrett (1 replies)
you mention the companion texts: Windows Sever 2003 Security Guide" and an XP/Win2k3 "Threats and Countermeasures"
Where do I find these? A search on both Amazon and Microsoft's own web site don't turn anything up. Are these hard copy or available online (or maybe they are on the W2K3 CD?)...
[ more ] [ reply ]
Where do I find these? A search on both Amazon and Microsoft's own web site don't turn anything up. Are these hard copy or available online (or maybe they are on the W2K3 CD?)...
[ more ] [ reply ]
Where can I find the companion texts you cited?
2003-05-06
Anonymous
Anonymous
Michael Howard (M$) released bulletins to the 'Bugtraq' Mailing list.
Windows Server 2003 Security Guide:
http://go.microsoft.com/fwlink/?LinkId=14845
Threats and Countermeasures: Security Settings in Windows Server 2003
and Windows XP
http://go.microsoft.com/fwlink/?LinkId=15159
MSS Glo...
[ more ] [ reply ]
Windows Server 2003 Security Guide:
http://go.microsoft.com/fwlink/?LinkId=14845
Threats and Countermeasures: Security Settings in Windows Server 2003
and Windows XP
http://go.microsoft.com/fwlink/?LinkId=15159
MSS Glo...
[ more ] [ reply ]
Partial list of on default default services in ws2003
2003-05-05
Anonymous (1 replies)
Anonymous (1 replies)
I would like to note that my Windows Server 2003 install had the following services that I don't need on by default.
- Registry remotely accessible
- All hard disks shared in c$ style hidden shares
- Remote access to the Service Control Manager enabled, this allows starting / stopping of services...
[ more ] [ reply ]
- Registry remotely accessible
- All hard disks shared in c$ style hidden shares
- Remote access to the Service Control Manager enabled, this allows starting / stopping of services...
[ more ] [ reply ]
Partial list of on default default services in ws2003
2003-05-06
Anonymous
Anonymous
"several odd ports listening including UDP 123 ??"
NTP Service - UDP Port 123
The Network Time Protocol (NTP) is used to synchronize your computers time with another, more accurate clock. In Microsoft Windows systems, the service that performs this function is 'Windows Time'.
Note: this is al...
[ more ] [ reply ]
NTP Service - UDP Port 123
The Network Time Protocol (NTP) is used to synchronize your computers time with another, more accurate clock. In Microsoft Windows systems, the service that performs this function is 'Windows Time'.
Note: this is al...
[ more ] [ reply ]
[ more ] [ reply ]