-
Quote:
Originally posted here by Jehnny
Default configuration doesn't matter one bit. Real security is not in the default config, it's in the user, who knows how to modify things to their liking and their own safety.
Yes, you are right... very right...
But didn't M$ try this with Win 2k3 Server... making it secure by turning off most of the default services...
Secondly, someone asked... what services?
Friends, these are end-user systems, in a local switched LAN environment, no IIS, no domain controller, etc. Do you people think this lowers the security concerns by a considerable amount?
-
I'm not really here to debate whether M$ should make their OS more secure or leave it like it is...
I just want to point out the following.
I work for a firm which has about 6000 clients (by my country's norms, that is a lot).
We have about 7 people who do maintenance on these machines on a daily basis, and another 7 who install clients daily.
Now none of these people give a rat's ass about security on these clients; the only thing that counts is getting the client to work and getting to the next problem on time.
A lot of these PCs are deployed in hospitals, police headquarters and city ordinance kinds of places, a lot of places where security should be an issue because these institutions deal with classified information.
That's not M$'s fault (I'll say it myself :D ), but if they would make OSes that are more secure (meaning turning off, by default, services that clients do not need), that would make a lot of difference, I think. As pointed out before, it's the administrator's task to make a box secure, but then again the administrator of a big firm is not the boss of the entire system, and as we all know, TIME IS MONEY.
We should of course look at client software and server software differently; I know it and you know it.
I also think we can keep discussing this until the next release by M$, but it will always stay the same.
Most security problems are created through work pressure, in my opinion; less time creates more mistakes.
Anyway, that's my opinion,
C.
-
As others have pointed out in other threads, it's all about acceptable risk. The system/network owner needs to assess his or her need for functionality vs. risk of data loss, etc. to determine the proper security level. I don't like the idea of having Microsoft or anyone else make that decision for me (choosing default services, locking various things down, etc.). If a user needs certain functions and decides that the benefits outweigh the associated risk, then Microsoft shouldn't be the one to decide he or she doesn't.
Having said that, the group that installs hardware and software without performing a risk assessment is also making a risk decision. "I am willing to accept any risk that someone else thinks is ok without knowing how much risk that is." Hardly a position that a "security professional" would take and probably not one we can blame Microsoft for.
What about the home user or the small business without an IT department to do a risk assessment? Reading the newspapers is enough to tell them that the internet is somewhat risky, especially with an always-on connection. Even these users make a risk decision: some decide to find out more about the risks and what reasonable steps can be taken to address them, and some decide to risk damage to their data and the potential use of their system as a zombie to harass others rather than take the time to learn a few basics. Again, it is a little hard to blame Microsoft for this attitude.
-
To all the people defending MS for enabling services by default in Windows 2003, I just have this to say. I can understand enabling services in XP Home and even XP Pro, but Windows 2003 is a server OS, and what kind of administrator doesn't know what to enable or disable? IMO, Windows 2003 should have come with everything shut off and not just most things. That way, the admin could enable whatever he wanted and still have a secure system without worrying too much. However, I do agree that the NT code base still needs to mature, unlike the UNIX one, and that Windows 2003 is definitely a step in the right direction.
Cheers,
cgkanchi
-
Everyone is right, but the major point I want to know is: "Why aren't the M$ people working on tweaking the TCP/IP stack?" Null sessions, FIN acknowledgement and the initial sequence numbers should be worked on. Well, I would like to seek your view on this. Meanwhile, I am on Windows 2000 Pro without SP4, Windows 2000 Pro version 5 build 2195.
-
Quote:
Originally posted here by NullDevice
Everyone is right, but the major point I want to know is: "Why aren't the M$ people working on tweaking the TCP/IP stack?" Null sessions, FIN acknowledgement and the initial sequence numbers should be worked on. Well, I would like to seek your view on this. Meanwhile, I am on Windows 2000 Pro without SP4, Windows 2000 Pro version 5 build 2195.
I tell you what... I'll answer this for you when you tell me why UN*X still uses a permission structure proved flawed back in 1976.
catch
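-
Editor's note: two of the points raised above (turning off services a client box does not need, and restricting null sessions) are things an administrator can do today rather than wait for a vendor default. The script below is an added example written for this page; it is not code from any poster or from Microsoft, and it does not run on Windows 2000 itself (that release predates PowerShell; the same registry values and services were set there with regedit and the Services console). The list of services is a constructed, illustrative set assumed for this example, and the target host name is a placeholder.

```powershell
# Added example (not from the original thread): audit and tighten two of the
# defaults discussed above on a Windows client/server box.
# Run in an elevated PowerShell session on the machine being hardened.

$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# 1. Null-session (anonymous) restrictions.
#    RestrictAnonymous:        0 = none, 1 = no enumeration of accounts/shares,
#                              2 = no anonymous access at all (Windows 2000 meaning;
#                              on XP/2003 the value 2 is no longer honoured and the
#                              two extra values below carry the restriction instead).
#    RestrictAnonymousSAM:     1 = block anonymous enumeration of SAM accounts (XP/2003+).
#    EveryoneIncludesAnonymous: 0 = anonymous logons are NOT members of Everyone (XP/2003+).
Write-Host '--- Current LSA anonymous-access settings ---'
Get-ItemProperty -Path $Lsa -Name RestrictAnonymous, RestrictAnonymousSAM, EveryoneIncludesAnonymous `
    -ErrorAction SilentlyContinue |
    Select-Object RestrictAnonymous, RestrictAnonymousSAM, EveryoneIncludesAnonymous |
    Format-List

# Apply the hardened values (assumption: this is an end-user or standalone box
# with no legacy application that still depends on anonymous enumeration).
Set-ItemProperty -Path $Lsa -Name RestrictAnonymous          -Value 1 -Type DWord
Set-ItemProperty -Path $Lsa -Name RestrictAnonymousSAM       -Value 1 -Type DWord
Set-ItemProperty -Path $Lsa -Name EveryoneIncludesAnonymous  -Value 0 -Type DWord

# 2. Services a plain end-user client (no IIS, no domain controller) does not need.
#    Constructed list for illustration; review it against the box's real role first.
$UnneededServices = @(
    'Messenger',        # net send pop-ups, classic spam/abuse vector (2000/XP/2003)
    'RemoteRegistry',   # remote edits of the registry over RPC
    'TlntSvr',          # Telnet server, cleartext logins
    'SSDPSRV'           # UPnP discovery; not needed on a managed LAN
)

foreach ($Name in $UnneededServices) {
    $Svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $Svc) {
        Write-Host "$Name : not installed on this build, skipping"
        continue
    }
    if ($Svc.Status -eq 'Running') {
        Stop-Service -Name $Name -Force
    }
    Set-Service -Name $Name -StartupType Disabled
    Write-Host "$Name : stopped and set to Disabled"
}

# 3. Verify from another host on the LAN. The classic null-session probe is:
#      net use \\TARGET-HOST\IPC$ "" /user:""
#    After the LSA changes above, share/account enumeration through that session
#    should fail; a reboot is needed for some of the LSA values to take effect.
Write-Host 'Reboot, then re-test anonymous enumeration from a second machine.'
```

The point of the script is the order of operations a practitioner would actually follow: read the current values before changing them, change only what the box's role allows, and confirm the change from the attacker's side rather than trusting the registry edit. Disabling a service a line-of-business application silently depends on is exactly the kind of breakage the "time is money" post above is worried about, so the service list is something to agree with the people who support those clients, not a default to push blindly.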