Security Basics mailing list archives

RE: Windows Server 2003

From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Wed, 10 Sep 2003 16:14:38 -0500

Secure by default?

Let's put it this way; I wouldn't connect a Windows Server 2003 machine
to the internet out-of-the-box.  But then.. I wouldn't do that with any
system.

Microsoft has come a helluva long way though, and I have to say I am
pleased, even if not 100% satisfied.  Whereas security was virtually
non-existent on their list in the past, it seems that it is close to the
top of the list now.

There's a handful of vulnerabilities out already, so I'm watching
eagerly to see what the bug-hunters come up with.

I have only installed / configured two servers.  We're testing our web
application (JCPenney.com) on one in the lab, and migrated our
home-grown .net monitoring/testing tools to another.  The monitoring box
has had zero issues since, and there were no problems migrating the
application there.  The jury is still deliberating on the lab box...
We'll see.

Cheers,

Joey

-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com] 
Sent: Wednesday, September 10, 2003 7:38 AM
To: security-basics () securityfocus com
Subject: Windows Server 2003




What does everyone think of the hype around Windows Server 2003 being 

secure by default?   Has anyone implemented one in your environment?





Chris


------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

Windows Server 2003 Chris Halverson (Sep 10)
- RE: Windows Server 2003 Joey Peloquin (Sep 10)
- RE: Windows Server 2003 Edrean Ernst (Sep 10)
- RE: Windows Server 2003 Andrew Ruef (Sep 10)
  - RE: Windows Server 2003 dave kleiman (Sep 11)
  - RE: Windows Server 2003 Krill T (Sep 11)
    - RE: Windows Server 2003 Andrew Ruef (Sep 11)
    - Re: Windows Server 2003 Steve (Sep 11)
    - Re: Windows Server 2003 Ansgar Wiechers (Sep 11)
    - Re: Windows Server 2003 Hendra Santosa (Sep 12)
    - Re: Windows Server 2003 Ansgar Wiechers (Sep 15)
    - Re: Windows Server 2003 Jimi Thompson (Sep 15)

(Thread continues...)