Re: [MLUG] Win2k a security risk

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: EMAIL:PROTECTED
Subject: Re: [MLUG] Win2k a security risk
From: Camden Daily <EMAIL:PROTECTED>
Date: Mon, 30 Sep 2002 11:25:32 -0500
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED><EMAIL:PROTECTED><EMAIL:PROTECTED>
Reply-to: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

Microsoft's Baseline Security Analyzer 
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp) 
is a fairly helpful tool for finding security problems on Windows 
boxes.  It's by no means comprehensive, but definitely a good place to start.

Also, if you're worried about privacy concerns, make sure to remove "super 
cookies."  Open up Media Player, go to Tools -> Options, and make sure to 
uncheck "Allow internet sites to uniquely identify your player."  That's a 
pretty nasty one, and one that I make sure to disable on all the win boxes 
I set up.

HTH,
-Camden


At 10:56 AM 9/30/2002 -0500, you wrote:
>Thanks... Tips like this are exactly what I'm looking for.
>
>Daniel Nowlin wrote:
>>Christian
>>10 Minutes, that should be enough time to lock down your 2K system or at 
>>least lock it down better.  First run local security policy in amin tools 
>>and delete the 'EVERYONE' group from everything.  Next right click on 
>>every drive in My computer delete the 'EVERYONE' group from the security 
>>tab and make sure the propagate security settings down is checked.  This 
>>last thing is in the advanced settings I think.  That should be it.  The 
>>default setting of the 'EVERYONE' group is a major security risk in the 
>>default settings of 2K and NT.
>>
>>I help administer 5 2K machines in the datacenter and I feel they are 
>>secure or at least as secure as MS OS can be.  I have ran XP at home but 
>>went back to 2K because of all of the wizards that did not give me as 
>>much power.  This is even in XP Pro.  I would put my 2K system up against 
>>any default XP system any day.
>>>----- Original Message -----
>>>From: <mailto:EMAIL:PROTECTED>Christian M. Cepel
>>>To: <mailto:EMAIL:PROTECTED>EMAIL:PROTECTED
>>>Sent: Monday, September 30, 2002 09:26
>>>Subject: Re: [MLUG] Win2k a security risk
>>>
>>>Hey guys.  I run 2k on a couple of my boxes specifically because it's 
>>>more stable than 98se, and because I had thought that I would be 
>>>assuming a bit of a tighter security noose.
>>>
>>>Of course, wth the second reason, quite the opposte is true, but I 
>>>haven't had time to sit down and really 'learn' to admin the box like I 
>>>have previous versions.  The most I've done is keep all the critical 
>>>updates up to date.
>>>
>>>So.  since I am not going to have time to do what I 'Want' to do, but 
>>>want to do at least what I 'Need' to do, does anyone know of a good 
>>>HOWTO out there that details the insanities of the Win2kPro basic 
>>>install, and how I can go about a) being aware of and b) quickly closing 
>>>down/patching the more obvious exploits.   I've been told that I'm 
>>>likely running such services as web and ftp  and telnet servers right 
>>>out of the box, but haven't seen them when I've browsed around in the 
>>>admin utilities looking at what's running, and what's to be started up 
>>>as a system service.  Makes me darn nervous.  So how about it 
>>>folks.  Know of any resources?  I just don't have 'time' to do it 
>>>'right', but as with insurance, and other such things...  I can't afford 
>>>"not" to do it.
>>>
>>>Actually   I'd also appreciate something similar for RedHat 7.3   I get 
>>>maybe 5-10 minutes a night to play with my box, and read and such.  I 
>>>choose 'highest' security on the install, but I know I'm running all 
>>>sorts of services I don't need/want, and I'm sure some of them are 
>>>security holes.  An example, is wine.  I didn't ask for it to be 
>>>installed, but it was, and now it's run in one of the init levels.  I'm 
>>>not using it as an example of a security hole, but rather as an example 
>>>of overhead that I don't want on my 64mb 133mhz box, that I don't know 
>>>how to 'turn off' properly.
>>>
>>>Thanks all.
>>>
>>>  //Christian
>>>
>>>Matthew W. Ross wrote:
>>>>>
>>>>>It looks to me like give people a gun instead of a knife, because it 
>>>>>is not
>>>>>so sharp.
>>>>>
>>>>
>>>>
>>>>Not so sharp is exactly the right phrase for this decision...
>>>>
>>>>--
>>>>To unsubscribe, go to 
>>>><http://mlug.missouri.edu/members/edit.php>http://mlug.missouri.edu/members/edit.php
>>>>
>>>>Archives are available at 
>>>><http://mlug.missouri.edu/list-archives/>http://mlug.missouri.edu/list-archives/
>>>>
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

References:
- Re: [MLUG] Win2k a security risk
  - From: "Matthew W. Ross" <EMAIL:PROTECTED>
- Re: [MLUG] Win2k a security risk
  - From: "Christian M. Cepel" <EMAIL:PROTECTED>
- Re: [MLUG] Win2k a security risk
  - From: "Daniel Nowlin" <EMAIL:PROTECTED>
- Re: [MLUG] Win2k a security risk
  - From: "Christian M. Cepel" <EMAIL:PROTECTED>

Prev by Date: [MLUG]
Next by Date: [MLUG]
Previous by thread: Re: [MLUG] Win2k a security risk
Next by thread: [MLUG] Assist: Choosing a list daemon.
Index(es):
- Date
- Thread