RE: Items within XP SP2 and Win2003

From: Scott Werley (scottwcorp.ptd.net)
Date: Thu Sep 30 2004 - 22:53:42 CDT


Even running a small, non-critical (except to me) network with only one
server machine on it, I make it a point to not "browse the internet"
from the server...even though it has a host-based firewall and
up-to-date active virus scanner. Browsing the Internet should be done
from a workstation; when did people start sitting directly on servers
when not working only ON them?

To avoid further confusion, I am assuming when Eric states adding each
individual site in order to visit them, we have switched discussion
entirely from XPSP2 & Win2k3 to just Win2k3, which does implement this
feature by default (although it can be easily removed via Add/Remove
Windows Comps.)

Scott

> -----Original Message-----
> From: Eric McCarty [mailto:ericlawmpd.com]
> Sent: Tuesday, September 28, 2004 10:44 AM
> To: Depp, Dennis M.; larobinsbellatlantic.net; Joe Doyle;
> focus-mssecurityfocus.com
> Subject: RE: Items within XP SP2 and Win2003
>
> Who doesn't have a border firewall? Commonly it's router - firewall -
> switch. So you propose to do address filtering on your host based
> firewall? I suggest rethinking this strategy as IP Address range
> blocking should be done at the border router or firewall long before any
> Network Translations are done or any traffic traverses the local
> network. I can imagine a plethora of ways to get around host based IP
> restrictions, can't get to server1, take over another machine on
> internal network, then get to server1 and likewise.
>
> Running a host based firewall will not allow an extra layer of security
> if it's doing the same thing the border router/firewall is doing.
>
> In order to browse the internet from the server you will have to add a
> lot of sites to the trusted sites list, and once a site is considered
> trusted it's all over anyway.
>
> -----Original Message-----
> From: Depp, Dennis M. [mailto:deppdmornl.gov]
> Sent: Tuesday, September 28, 2004 4:18 AM
> To: Eric McCarty; larobinsbellatlantic.net; Joe Doyle;
> focus-mssecurityfocus.com
> Subject: RE: Items within XP SP2 and Win2003
>
> Eric,
>
> A firewall will not only block services, but it will also selectively
> allow services. For example, I might need to run a web server, but I
> only want users from a business partner to access this site. I can use
> the firewall to limit access to a specific IP address or subnet. In
> this case, a host based firewall can add another layer of security to a
> system. I do agree that you should not be browsing the internet from a
> server. However, some people will continue to browse the internet from
> servers. The enhancements to IE6 with W2K3 will not affect you or me,
> but they will affect many others.
>
> Dennis
>
> > -----Original Message-----
> > From: Eric McCarty [mailto:ericlawmpd.com]
> > Sent: Monday, September 27, 2004 5:26 PM
> > To: Depp, Dennis M.; larobinsbellatlantic.net; Joe Doyle;
> > focus-mssecurityfocus.com
> > Subject: RE: Items within XP SP2 and Win2003
> >
> > I think this is a contradiction. On a server, you should turn off all
> > services you have no intention of having clients connect to, not set up
> > a firewall to block them. Next you should not be browsing the internet
> > using your server, and if you noticed, the enhanced browser security
> > prevents this for the most part anyway.
> >
> > Eric
> >
> >
> >
> > -----Original Message-----
> > From: Depp, Dennis M. [mailto:deppdmornl.gov]
> > Sent: Monday, September 27, 2004 9:27 AM
> > To: larobinsbellatlantic.net; Joe Doyle; focus-mssecurityfocus.com
> > Subject: RE: Items within XP SP2 and Win2003
> >
> > WRT Windows firewall and IE updates.
> >
> > Dennis
> >
> > > -----Original Message-----
> > > From: Laura A. Robinson [mailto:larobinsbellatlantic.net]
> > > Sent: Sunday, September 26, 2004 2:38 AM
> > > To: 'Joe Doyle'; focus-mssecurityfocus.com
> > > Subject: RE: Items within XP SP2 and Win2003
> > >
> > > In what respects?
> > >
> > > Laura
> > >
> > > > -----Original Message-----
> > > > From: Joe Doyle [mailto:joe.doylepromega.com]
> > > > Sent: Wednesday, September 22, 2004 5:38 PM
> > > > To: focus-mssecurityfocus.com
> > > > Subject: RE: Items within XP SP2 and Win2003
> > > >
> > > >
> > > > Not yet. Windows 2003 Service Pack 1 is supposed to bring it up to
> > > > speed with Windows XP SP2.
> > > >
> > > > Joe
> > > >
> > > > -----Original Message-----
> > > > From: James Bowman [mailto:jimdrexel.edu]
> > > > Sent: Sunday, September 19, 2004 9:11 PM
> > > > To: focus-mssecurityfocus.com
> > > > Subject: Items within XP SP2 and Win2003
> > > >
> > > >
> > > >
> > > > Is there a set of hotfixes needed for 2003 that make it comparable in
> > > > features / overall security posture to XP SP2?
> > > >
> > > > Although there's probably a bevy of XP SP2 items embedded in 2003, I
> > > > would imagine there's a bunch that's not...
> > > >
> > > >
> > > >
> > > > Thanks
> > > >