RE: Windows is EASY and SECURE

["Todd Towles" <toddtowles () brookshires com>]

Dan wrote:

>  The rest of the 
> protection for those systems was based on proper network 
> segmentation, a solid understanding of the threats, turning 
> off unneeded services, hardening Web apps (see Writing Secure 
> Code, 2nd edition, by Howard and LeBlanc [Redmond, WA: 
> Microsoft Press, 2003]), and properly protecting Web servers 
> and the computer running SQL Server. Of course, this was a 
> specialized system with very limited functionality, but it 
> still shows that less is often more.
>
> Proper understanding of the threats and realistic mitigation 
> of those threats through a solid network architecture is much 
> more important than most of the security tweaks we turn on in 
> the name of security.
> <snip>

I have to agree with Microsoft on the above section, as I believe most
network professional also would. Understanding of threats and good
network architecture (network segmentation, DMZs, etc) is needed to
secure any server, not just Windows boxes. You need to protect Microsoft
boxes, they are very chatty and like to talk to other Windows boxes.

But they are saying in the last part that the network changes are more
important than the tweaks. =)

<New Microsoft Myth>
"Myth 4 - Windows can't protect itself"
To protect your servers you need a good network and threat vector
understanding. Tweaking registry keys is just one step in a huge
security puzzle. 
</Net Microsoft Myth>

-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/