From: John Wienand (JWienandbna.com)
Date: Thu Aug 23 2001 - 11:12:58 CDT


    "Discussions" are a great tool for sharing information.
    However, it is also helpful if someone acknowledges when
    they are wrong. A MS Press reference was shown that
    answered your earlier question, yet you breeze over that
    with nary a mention. An accusation, even an indirect one,
    calls for a retraction when it is proven incorrect.

    You equated leaving the default shares in place with "lazy
    administration", yet MS contradicts that.

    Now perhaps it makes sense in your network world, to perform
    unnecessary tasks, but in most environments, administrators
    don't have the time. Why restrict permissions twice? In
    other words, regardless of how you configure your shares,
    you still need to set NTFS permissions. Why not make it
    one stop shopping? A share permission will NEVER allow
    someone to circumvent an NTFS permission. What added
    security measure do you get from this extra administrative
    task? Nothing.

    OK I am jumping off the soapbox now.

    John
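
The relationship between share and NTFS permissions described in the message above, worked through as an added example that is not part of the thread or any poster's code: a simplified Python model in which access over the network must pass both ACLs. The `Right` flags, the `granted` and `effective` helpers, and all users, groups and ACLs are constructed for illustration.

```python
# Added example: simplified model of Windows share + NTFS access evaluation.
# Principals, ACLs and rights below are constructed; real ACLs carry more
# rights, inheritance and ordering rules than this model does.
from enum import IntFlag


class Right(IntFlag):
    READ = 1
    WRITE = 2
    DELETE = 4
    CHANGE_PERMS = 8
    FULL = 15  # all of the above


def granted(acl, principals):
    """Rights one ACL gives a token: allows accumulate over the user's
    groups, and any matching deny removes the right."""
    allow = deny = 0
    for who, kind, rights in acl:
        if who in principals:
            if kind == "deny":
                deny |= int(rights)
            else:
                allow |= int(rights)
    return Right(allow & ~deny)


def effective(share_acl, ntfs_acl, principals):
    """Access over the network must pass both ACLs, so the result is the
    intersection: the share ACL can narrow NTFS rights but never widen them."""
    return granted(share_acl, principals) & granted(ntfs_acl, principals)


# Constructed tokens (user plus group memberships) and ACLs.
ALICE = {"alice", "Staff", "Everyone"}
BOB = {"bob", "Everyone"}
CARL = {"carl", "Staff", "Contractors", "Everyone"}
NTFS = [("Staff", "allow", Right.READ | Right.WRITE),
        ("Contractors", "deny", Right.WRITE)]
SHARE_DEFAULT = [("Everyone", "allow", Right.FULL)]
SHARE_TIGHT = [("Staff", "allow", Right.READ | Right.WRITE | Right.DELETE)]
SHARE_READ = [("Staff", "allow", Right.READ)]

if __name__ == "__main__":
    for name, token in (("alice", ALICE), ("bob", BOB), ("carl", CARL)):
        for label, share in (("default", SHARE_DEFAULT), ("tight", SHARE_TIGHT),
                             ("read-only", SHARE_READ)):
            print(name, label, repr(effective(share, NTFS, token)))
```

With the constructed NTFS ACL, the default and the tightened share ACL give every user the same result; only a share ACL narrower than the NTFS ACL changes the outcome.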

                                                                                                                        
                        "akomolafe"
                        <dejiprontomail.com>
                        08/22/2001 10:05 PM

                        To: "FOCUS-MSSECURITYFOCUS.COM" <FOCUS-MSsecurityfocus.com>
                        cc:
                        Subject: Re: Windows 2000's Everyone permission

    OK, so you wrote articles for SecurityFocus AND you are
    Support Services Supervisor AND you subscribe to this
    SECURITY list, but you don't want to hear a "discussion"
    about what is right or wrong. Worse, having written so
    many articles, you can still claim that "there *IS* right
    and wrong in security".

    Now I know where you are coming from.

    Deji

    ----- Original Message -----
    From: "Paul Schmehl" <paulsutdallas.edu>
    To: "akomolafe" <dejiprontomail.com>; "Jerry Roy" <jroyaxcelerant.com>;
    "Douglas Cohn" <Douglas.Cohnhostcentric.com>; <michael.whitelmscae.com>;
    "FOCUS-MSSECURITYFOCUS.COM" <FOCUS-MSsecurityfocus.com>
    Sent: Wednesday, August 22, 2001 5:25 PM
    Subject: Re: Windows 2000's Everyone permission

    > ----- Original Message -----
    > From: "akomolafe" <dejiprontomail.com>
    > To: "Jerry Roy" <jroyaxcelerant.com>; "Douglas Cohn"
    > <Douglas.Cohnhostcentric.com>; <michael.whitelmscae.com>;
    > "FOCUS-MSSECURITYFOCUS.COM" <FOCUS-MSsecurityfocus.com>
    > Sent: Wednesday, August 22, 2001 6:17 PM
    > Subject: Re: Windows 2000's Everyone permission
    >
    >
    > > You want to lock down your server as much as possible. Why would you prefer
    > > leaving the default "everyone Full" share permission to actually removing
    > > the "everyone" group and actually specifying the group you want to share
    > > your stuff for?
    > >
    > > This is not personal and not directed at anyone, but that is lazy
    > > administration, if I've ever seen one.
    >
    > OK. This is nothing personal either.
    >
    > I subscribed to this list because I have a strong interest in security and
    > because I'm responsible for security of the Windows networks at the
    > university. I know enough about security (in particular, viruses) to have
    > been asked to write articles for Securityfocus and have written a couple.
    > I'm no expert by any means. I suppose you could call me a journeyman.
    >
    > Comments like the above make me want to drop this list. I'm not here to
    > listen to people pontificate about what's right and wrong. There *is* no
    > right or wrong in security. There are only shades of grey. Everyone's
    > situation is different. The parameters that work in your network may not
    > work at all in mine or may not even be available to me to try out.
    > Furthermore, unless you know every single parameter of my network and what I
    > do every day, you are not qualified to judge whether or not I am "doing
    > things right". This is true of anyone, including the many so-called
    > experts.
    >
    > What you call "lazy administration" may be better than what you are doing,
    > but you don't have the perspective to know that. We would all be better
    > served if people would simply post what they *know* to be true and leave the
    > judgments and opinions out of their posts.
    >
    > 'Nuff said?
    >
    > Paul Schmehl paulsutdallas.edu
    > Supervisor, Support Services
    > University of Texas at Dallas
    > AVIEN Founding Member
    >