Full Disclosure mailing list archives
Re: Microsoft plans tighter security measures in Windows XP SP2
From: yossarian <yossarian () planet nl>
Date: Sat, 01 Nov 2003 00:25:53 +0100
On Fri, 2003-10-31 at 11:12, yossarian wrote:
<snip>
File and printer sharing is not needed? Remote administration is not needed? Maybe not in home use, but in corporate?
No, sorry Paul. Printers have their own IP address, file and printersharing was introduced for small networks. But since the mid nineties a network interface became standard in laserprinters - printersharing became a real non issue. File sharing: not for workstations, unless you make backups of every workstation. Not suitable for corporations, user data is corporate property, needs a back up so MUST be on a server. It is impossible to secure a network where file and printsharing is common (where is the sensitive info to secure?) - my personal BOFH way is disable the server service on every Workstation. And the browser service as well.
What planet are you working on? I have bought 5 printers in the last three years and 2 of those had built-in network cards. The others use "jet-Direct" type interfaces which require software to be installed on the server. You're saying I install this on everyone's workstation so they can connect directly? Uh huh. No file sharing; everything should be stored on a central server. Sure, no problem I'll just go out and drop $100k on a SAN to store it all. *Or* I could take advantage of the fact that every machine I buy comes with at least 40 GB of drive space on it. And I'm sure you're going to suggest thin clients here, so I'll go out and buy a small render farm for my graphics guys to do their 3D work on.
I usually work for banks and government agencies - yes SAN systems are getting fairly normal, nowadays. I think you are in the SoHo market, with 5 printers in three years, 50 users that develop software - the customer I am working for at the moment has some 5000 printers in the network, all HP with Jetdirect with an IP address. I am not a printer admin, so I had to check at the HP4000 here at home - nope, it runs even when I turn off the server, all you do is install IP printing service on the workstations, not printersharing which is a NetBios thingie... Yeah, you can install software on the server and share the printer to the users, but to use a shared resource you do NOT need to install file and printersharing on the workstations. Like I wrote - workstations, NOT servers. Jetdirect cards are printerservers, at least the ones in HP's. Connecting a printer to a PC IMHO makes it a server, albeit a non-ded one - and it is utterly useless. I am not into thin clients for power users, but this has absolutely no relation to file or printersharing.... And I do consider the big disks in new 'puters a waste of capacity, but since they cost the same as 4GB a few years ago, who cares? Dunno how it is on the planet you work on, but PC's get stolen on a fairly regular basis, so having data on it is considered insecure. No need for firewall, superglue is better here. And for the SAN thing - I agree people doing rendering takes a lot of disk space, but Joe Average User won't need so much storage - maybe 50MB per year. With 2000 users per server - who needs a SAN? Unless you allow them to store everything - MP3's, holiday snapshots, downloaded software they aren't allowed to install anyway, bedroom movies, every previous version of every document, etc. Maybe I am getting old, but what is wrong with disk quota? It actually increases efficiency, less time needed to find an older document.
Different with developers, graphic types et al., I know, but the large majority of puterusers type Word documents, send e-mail and use big apps that are serverbased or mainframe based. So no local data.
Remote administration may be needed, I just said it is rarely used, for various reasons, the foremost being that the support staff don't know sh**t about the inner workings of windows, MCP or not.
Right and what inner workings do I need to know to use my remote patch management software without RPC? It's really handy actually, but then again maybe there's a better way to do it that I'm just too stupid to know about.
Login script. Daisychaining patches. Basic stuff, really.
<snip> Hopefully we can all agree that anything Microsoft can do to attempt to make its O/S more secure is better than the way it is now.
What is the use of a wrong attempt? A false feeling of security is actually more dangerous.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html