Security Basics mailing list archives
RE: Which Windows OS is Safest
From: "Rusty Chiles" <rustychiles () cox net>
Date: Tue, 29 Jun 2004 00:57:10 -0700
The safest windows is whatever version is able to mitigate the latest and greatest 0-day attack. If security comes before convenience, then perhaps you should look into windows 2003, which has a more secure default configuration in combination with Ciscos CSA (Cisco Security Agent) which sits between the API and Kernel of the os, and only allows what you allow to execute. This can be managed via a central mgmt console, so deploying a large number of desktops and the management of them is simplified. Yes, you will need to tune your config for the environment, but once this is done you will be in a better position should you be "targeted" by a exploit, hack attack, etc. In tests this solution has mitigated most if not all of the latest 0-day exploits against the windows operating system in addition to network born virus attacks. No solution is perfect, but this in combination with religous patching, and a well secured and segmented network with good traffic filtering / control is your best bet. Have fun, -Rusty -----Original Message----- From: Leon North [mailto:leon_nc () linuxmail org] Sent: Monday, June 28, 2004 3:16 AM To: security-basics () securityfocus com Subject: RE: Which Windows OS is Safest So far one of every Win OS has been suggested, so I'll buy into the debate, probably to my peril! :) Using an out of date Windows OS is simply security through obscurity. This is not a good approach. What you want is an OS which you have the greatest ability to lockdown. Never mind these systems are widely publicised as being compromised, this is nearly always due to the admin not protecting it properly, more so than the OS itself. For the desktop, start with the latest version WinXP, take advantage of the inbuilt security features (e.g. NTLMv2 removing LM hash, NTFS with secure non-default permissions, various local security policy settings etc), then follow general best practices for any OS (e.g. patch managing by testing and updating within a given timeframe etc). You will then be in a far better situation than any older Windows alternative. Installing an old OS and hoping it won't be a 'sexy' target is little better than sticking your head in the sand. Then again if your religion tells you different, preach away... Leon I would like to know what is regarded as the safest Windows OS as I need to set up a few new computers for system administrators to use and I would like to use a Windows OS as the system administrators who will be using the computers have only experience with Windows. I know that the wisest thing to do wouold be to teach them how to use another OS like OpenBSD but it isn't possible. Thanks. Artturi Lehtiö artturi.lehtio () vidafalt com
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- -- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Which Windows OS is Safest, (continued)
- Re: Which Windows OS is Safest Raj (Jun 29)
- Re: Which Windows OS is Safest eQ iX (Jun 28)
- RE: Which Windows OS is Safest Michael Carroll (Jun 25)
- RE: Which Windows OS is Safest Tenorio, Leandro (Jun 25)
- RE: Which Windows OS is Safest Michael Carroll (Jun 28)
- RE: Which Windows OS is Safest Randy Williams (Jun 29)
- Re: Which Windows OS is Safest Alvin Packard (Jun 28)
- RE: Which Windows OS is Safest MARTIN M. Bénoni (Jun 28)
- Re: Which Windows OS is Safest Eystein Roll Aarseth (Jun 29)
- RE: Which Windows OS is Safest Leon North (Jun 29)
- RE: Which Windows OS is Safest Rusty Chiles (Jun 29)
- Re: Which Windows OS is Safest Eoin Fleming (Jun 29)
- Re: Which Windows OS is Safest Cameron Reign (Jun 29)
- RE: Which Windows OS is Safest MARTIN M. Bénoni (Jun 29)
- RE: Which Windows OS is Safest GKornblum (Jun 29)
- RE: Which Windows OS is Safest Guybrush Threepwood (Jun 30)
- Re: Which Windows OS is Safest MARTIN M. Bénoni (Jun 29)
- Re: Which Windows OS is Safest Artturi Lehtiö (Jun 30)