Security Basics mailing list archives
RE: Windows Server 2003
From: "Andrew Ruef" <jabberwocky () mediasoft net>
Date: Wed, 10 Sep 2003 22:48:00 -0400
Yes, actually. Many ideas. Starting with patching. I have a windows 2003 vmware machine as a test domain controller and another up as a test domain name server right now and neither of them were successfully infected by msblast or kaht2. Granted I don't have any code for the new rpc vuln but I patched for that an hour ago so I should be fine too. I think what he means is, in windows 2000 server and advanced server, it would install with IIS running by default, with a default FTP, HTTP and SMTP server running. Although maybe those were install options too. It wouldn't surprise me if I was wrong. But in Windows 2003 you install no services when you install the OS. You must add them when you are in the operating system. Which is I believe what he meant. Then again I am also very stupid. Andrew Ruef -----Original Message----- From: Krill T [mailto:kirill () sdf lonestar org] Sent: Wednesday, September 10, 2003 10:15 PM To: Andrew Ruef Cc: security-basics () securityfocus com Subject: RE: Windows Server 2003 Helo ! Win 2003 isn't secure by default ! I catched MsBlast via RPC in win 2003 Same happend with several WinXP boxes. Any ideas? Best regards, Kirill I. Tavobilov Unix SysAdmin Chief Security Engineer Omsk State Customs customs () omsknet ru www.customs.ru On Wed, 10 Sep 2003, Andrew Ruef wrote:
Date: Wed, 10 Sep 2003 16:33:38 -0400 From: Andrew Ruef <jabberwocky () mediasoft net> To: security-basics () securityfocus com Subject: RE: Windows Server 2003 Secure in the same way OpenBSD is, Windows 2003 dosen't run any
services
by default. Andrew ruef -----Original Message----- From: Chris Halverson [mailto:chris.halverson () encana com] Sent: Wednesday, September 10, 2003 8:38 AM To: security-basics () securityfocus com Subject: Windows Server 2003 What does everyone think of the hype around Windows Server 2003 being secure by default? Has anyone implemented one in your environment? Chris
------------------------------------------------------------------------
--- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----
------------------------------------------------------------------------ ---
Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------ ----
kirill () sdf lonestar org SDF Public Access UNIX System - http://sdf.lonestar.org --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Windows Server 2003 Chris Halverson (Sep 10)
- RE: Windows Server 2003 Joey Peloquin (Sep 10)
- RE: Windows Server 2003 Edrean Ernst (Sep 10)
- RE: Windows Server 2003 Andrew Ruef (Sep 10)
- RE: Windows Server 2003 dave kleiman (Sep 11)
- RE: Windows Server 2003 Krill T (Sep 11)
- RE: Windows Server 2003 Andrew Ruef (Sep 11)
- Re: Windows Server 2003 Steve (Sep 11)
- Re: Windows Server 2003 Ansgar Wiechers (Sep 11)
- Re: Windows Server 2003 Hendra Santosa (Sep 12)
- Re: Windows Server 2003 Ansgar Wiechers (Sep 15)
- Re: Windows Server 2003 Jimi Thompson (Sep 15)
- Re: Windows Server 2003 Kevin L Keathley (Sep 11)
- RE: Windows Server 2003 Joey Peloquin (Sep 11)
- RE: Windows Server 2003 Davitt J. Potter (Sep 12)