Security Basics mailing list archives

RE: Windows Server 2003

From: Tim Donahue <TDonahue () haynesconstruction com>
Date: Thu, 11 Sep 2003 12:05:52 -0400


Win 2003 isn't secure by default !
I catched MsBlast via RPC in win 2003


The MSBlast worm exploits a known Windows vulnerablity and has nothing to do
with the "Secure by default" tagline.  That comes from the fact that Windows
Server 2003 installs the BARE minimum to function as an operating system.
The server requires you to install any new services.  This is not an end all
descriptiong, you still have to follow the rest of the security "Best"
practices.  These include, staying up to date on patches, and having a
firewall on your internet connection, for your internet facing computers /
your network.

MSBlast should have been blocked by your firewall, you do have one, correct?


Tim Donahue

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

Re: Windows Server 2003, (continued)
- Re: Windows Server 2003 @Lx (Sep 11)
- RE: Windows Server 2003 Robert Mezzone (Sep 10)
- FW: Windows Server 2003 Halverson, Chris (Sep 11)
  - Re: FW: Windows Server 2003 Tim Syratt (Sep 11)
- RE: Windows Server 2003 Doug Massey (Sep 11)
  - RE: Windows Server 2003 Larry Seltzer (Sep 11)
    - 'Shutdown Reason' in Windows 2000? (was: RE: Windows Server 2003) Alexander Suhovey (Sep 15)
- RE: Windows Server 2003 Halverson, Chris (Sep 11)
- RE: Windows Server 2003 c_brauckmiller (Sep 11)
  - Re: Windows Server 2003 A J Hammond (Sep 11)
- RE: Windows Server 2003 Tim Donahue (Sep 11)
- RE: Windows Server 2003 Dennis Dimka (Sep 12)