Security Basics mailing list archives
RE: Windows Server 2003
From: Doug Massey <doug () masseytechnologies com>
Date: Thu, 11 Sep 2003 07:09:09 -0400
The shutdown information service can be turned off so you don't have to deal with that if you don't want to. ---- Original message ----
Date: Wed, 10 Sep 2003 14:27:40 -0400 From: "Chris Wanstrath" <chrisw () cinci rr com> Subject: RE: Windows Server 2003 To: <security-basics () securityfocus com> I've been using it since June and my very first impression
(and the
first impression of everyone I've talked to who has used
it) is hate for
the new shutdown feature. You are forced to select a
reason you are
shutting down your computer and if there is an unexpected
shutdown, you
are forced to explain why the computer turned off. Sure,
this doesn't
seem security-related but I think it has everything do with
security.
Microsoft is saying that their system is so secure you
won't have to
almost ever shut it down, and when you do you'd better have
a damn good
reason. I found myself shutting down my server quite
frequently in the
first few weeks, installing software and SQL and such. As far as secure by default, I am running the server behind
a firewall
so I don't have the Microsoft firewall or any third party
firewall
setup. I am running an FTP server (IIS), HTTP server
(IIS), SMTP
server, POP3 server, and SQL. I haven't touched any of the
default
security settings because I'm using the 6-month Microsoft
evaluation to
test software on it. It's by no means a primary server,
but here is
what NMap turns up on a portscan with the default security
settings...
Port State Service 21/tcp open ftp 25/tcp open smtp 80/tcp open http 110/tcp open pop-3 135/tcp open loc-srv 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 1027/tcp open IIS 1030/tcp open iad1 1433/tcp open ms-sql-s 2105/tcp open eklogin 3052/tcp open PowerChute 3389/tcp open ms-term-serv Doesn't look like the most secure box in my network, that's
for sure.
-- Chris Wanstrath : chrisw () cinci rr com LW Consulting : www.lw-consulting.com-----Original Message----- From: Chris Halverson [mailto:chris.halverson () encana com] Sent: Wednesday, September 10, 2003 7:38 AM To: security-basics () securityfocus com Subject: Windows Server 2003 What does everyone think of the hype around Windows
Server 2003 being
secure by default? Has anyone implemented one in your
environment?
Chris------------------------------------------------------------
------------
--- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm------------------------------------------------------------
------------
----------------------------------------------------------------
---------------
Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ------------------------------------------------------------
----------------
Doug Massey Massey Technologies, Inc. 301-717-6404 --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- RE: Windows Server 2003, (continued)
- RE: Windows Server 2003 Joey Peloquin (Sep 11)
- RE: Windows Server 2003 Davitt J. Potter (Sep 12)
- RE: Windows Server 2003 Joey Peloquin (Sep 11)
- Re: Windows Server 2003 Sean Earp (Sep 10)
- Re: Windows Server 2003 Tim Syratt (Sep 11)
- Re: Windows Server 2003 Jimi Thompson (Sep 11)
- Re: Windows Server 2003 Meritt James (Sep 11)
- Re: Windows Server 2003 @Lx (Sep 11)
- RE: Windows Server 2003 Robert Mezzone (Sep 10)
- FW: Windows Server 2003 Halverson, Chris (Sep 11)
- Re: FW: Windows Server 2003 Tim Syratt (Sep 11)
- RE: Windows Server 2003 Doug Massey (Sep 11)
- RE: Windows Server 2003 Larry Seltzer (Sep 11)
- 'Shutdown Reason' in Windows 2000? (was: RE: Windows Server 2003) Alexander Suhovey (Sep 15)
- RE: Windows Server 2003 Larry Seltzer (Sep 11)
- RE: Windows Server 2003 Halverson, Chris (Sep 11)
- RE: Windows Server 2003 c_brauckmiller (Sep 11)
- Re: Windows Server 2003 A J Hammond (Sep 11)
- RE: Windows Server 2003 Tim Donahue (Sep 11)
- RE: Windows Server 2003 Dennis Dimka (Sep 12)