Firewall Wizards mailing list archives
Re: Win 2000 any better?
From: David LeBlanc <dleblanc () mindspring com>
Date: Fri, 05 Nov 1999 09:43:10 -0800
At 10:08 AM 11/1/99 -0800, REID FOX wrote:
I am getting ready to set up a small LAN w/www access. I need compatibility and price for an Internet cafe, so I decided to start with NT. Has anyone had any experience with WIN2000? Is it any better/worse/same as NT for security issues?
Disclaimer - this is IMHO, and may or may not reflect the opinion of my employer, and should not under any circumstances be held to be an official statement of my employer.

All of the above. It is better in some ways, the same in some ways, and perhaps worse in some ways. Mostly better, I think. Here's why I say that - Everything that was ever patched in 4.0 is fixed, and then some. You've also got many new tools to secure things with - one can now just deny all null sessions, and that closes a fairly big door right there. Many of the information-gathering API calls have been tightened up in terms of access level required. The file system and registry have better (not perfect, but better) defaults. IPSec is available, and I think that's a Good Thing. The IPSec policy can also be used to implement port filters, so that's an improvement. The IP stack was exposed to the windows2000test.com firestorm, and is improved as a result.

There are lots of things that are still the same - for example, too many apps still want to write to silly places in the file system. Good news here is that Office 2000 isn't one of them, and the Windows 2000 app standard discourages this.

In terms of what's worse (on thin ice now...), there are more ports to worry about - port 445 yields much of the same functionality as 139, so it is another port to block. You'll see Terminal Server showing up on just about any server, and it runs on high ports, so that's something else to complicate your filters. It makes remote admin a lot nicer, though. The whole admin UI is different, and after 5+ years of using the old one, I find it disconcerting. I don't like it as much in some ways, but I think unfamiliarity is a large part of that. There's lots of things that are new - the new domain structure and DS is a whole new beast to go learn.

Overall, I think it is much better, and I'm more comfortable exposing Win2k directly to the internet than I am 4.0, esp. if NetBIOS is exposed. My $0.02, YMMV.
David LeBlanc dleblanc () mindspring com