Security Basics mailing list archives
Re: Windows Server 2003
From: Sean Earp <smearp () mac com>
Date: Wed, 10 Sep 2003 13:20:16 -0700
Chris-Well, "secure by default" means that it ships with NOTHING activated. IIS, etc is turned off, and Internet Explorer is virtually unusable out of the box (NO site is trusted, and you have to explicitly trust a site to download, or do just about anything).
Is it more secure out of the box than Windows 2000? Sure. Is it immune to common attack vectors such as Buffer overflows? HECK NO! Windows Server 2003 was fully vulnerable to the exploit that the Blaster worm used, and according to news.com <http://news.com.com/2100-1009_3-5074008.html?tag=fd_top>, two MORE variations of the same security hole were just found, meaning that W2K3 Boxes with the last RPC patch installed are STILL FULLY VULNERABLE TO COMPLETE TAKEOVER by a remote host.
Better than previous attempts? Yes... Secure? No. Just my 2 cents... -Sean On Wednesday, September 10, 2003, at 05:37 AM, Chris Halverson wrote:
What does everyone think of the hype around Windows Server 2003 being secure by default? Has anyone implemented one in your environment?
---------------------------------------------------------------------------Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
Current thread:
- RE: Windows Server 2003, (continued)
- RE: Windows Server 2003 Andrew Ruef (Sep 11)
- Re: Windows Server 2003 Steve (Sep 11)
- Re: Windows Server 2003 Ansgar Wiechers (Sep 11)
- Re: Windows Server 2003 Hendra Santosa (Sep 12)
- Re: Windows Server 2003 Ansgar Wiechers (Sep 15)
- Re: Windows Server 2003 Jimi Thompson (Sep 15)
- Re: Windows Server 2003 Kevin L Keathley (Sep 11)
- RE: Windows Server 2003 Joey Peloquin (Sep 11)
- RE: Windows Server 2003 Davitt J. Potter (Sep 12)
- Re: Windows Server 2003 Tim Syratt (Sep 11)
- Re: FW: Windows Server 2003 Tim Syratt (Sep 11)
- RE: Windows Server 2003 Larry Seltzer (Sep 11)
- 'Shutdown Reason' in Windows 2000? (was: RE: Windows Server 2003) Alexander Suhovey (Sep 15)