RE: [MLUG] Win2k a security risk

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <EMAIL:PROTECTED>
Subject: RE: [MLUG] Win2k a security risk
From: "Brent Deterding" <EMAIL:PROTECTED>
Date: Mon, 30 Sep 2002 17:10:44 -0500
Importance: Normal
In-reply-to: <EMAIL:PROTECTED>
Reply-to: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

www.cisecurity.com

Use and apply the tool for Win2K - directions are included, including screenshots.

-----Original Message-----
From: EMAIL:PROTECTED [mailto:EMAIL:PROTECTED]On Behalf Of Christian M. Cepel
Sent: Monday, September 30, 2002 9:26 AM
To: EMAIL:PROTECTED
Subject: Re: [MLUG] Win2k a security risk

Hey guys. I run 2k on a couple of my boxes specifically because it's more stable than 98se, and because I had thought that I would be assuming a bit of a tighter security noose.

Of course, wth the second reason, quite the opposte is true, but I haven't had time to sit down and really 'learn' to admin the box like I have previous versions. The most I've done is keep all the critical updates up to date.

So. since I am not going to have time to do what I 'Want' to do, but want to do at least what I 'Need' to do, does anyone know of a good HOWTO out there that details the insanities of the Win2kPro basic install, and how I can go about a) being aware of and b) quickly closing down/patching the more obvious exploits. I've been told that I'm likely running such services as web and ftp and telnet servers right out of the box, but haven't seen them when I've browsed around in the admin utilities looking at what's running, and what's to be started up as a system service. Makes me darn nervous. So how about it folks. Know of any resources? I just don't have 'time' to do it 'right', but as with insurance, and other such things... I can't afford "not" to do it.

Actually I'd also appreciate something similar for RedHat 7.3 I get maybe 5-10 minutes a night to play with my box, and read and such. I choose 'highest' security on the install, but I know I'm running all sorts of services I don't need/want, and I'm sure some of them are security holes. An example, is wine. I didn't ask for it to be installed, but it was, and now it's run in one of the init levels. I'm not using it as an example of a security hole, but rather as an example of overhead that I don't want on my 64mb 133mhz box, that I don't know how to 'turn off' properly.

Thanks all.

//Christian

Matthew W. Ross wrote:
It looks to me like give people a gun instead of a knife, because it is not
so sharp.
    
Not so sharp is exactly the right phrase for this decision...

--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
  

Follow-Ups:
- [MLUG] Off every subject whatsoever...
  - From: Chris Martin <EMAIL:PROTECTED>

References:
- Re: [MLUG] Win2k a security risk
  - From: "Christian M. Cepel" <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] RedHat 8.0 i386 ISOs
Next by Date: RE: [MLUG] RedHat 7.2 vs 7.3
Previous by thread: Re: [MLUG] Assist: Choosing a list daemon.
Next by thread: [MLUG] Off every subject whatsoever...
Index(es):
- Date
- Thread