Full Disclosure mailing list archives
RE: Windows is EASY and SECURE
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 18 Mar 2005 10:35:37 -0600
Dan wrote:
The rest of the protection for those systems was based on proper network segmentation, a solid understanding of the threats, turning off unneeded services, hardening Web apps (see Writing Secure Code, 2nd edition, by Howard and LeBlanc [Redmond, WA: Microsoft Press, 2003]), and properly protecting Web servers and the computer running SQL Server. Of course, this was a specialized system with very limited functionality, but it still shows that less is often more. Proper understanding of the threats and realistic mitigation of those threats through a solid network architecture is much more important than most of the security tweaks we turn on in the name of security. <snip>
I have to agree with Microsoft on the above section, as I believe most network professionals also would. Understanding of threats and good network architecture (network segmentation, DMZs, etc.) is needed to secure any server, not just Windows boxes. You need to protect Microsoft boxes, they are very chatty and like to talk to other Windows boxes. But they are saying in the last part that the network changes are more important than the tweaks. =)

<New Microsoft Myth>
"Myth 4 - Windows can't protect itself"
To protect your servers you need a good network and threat vector understanding. Tweaking registry keys is just one step in a huge security puzzle.
</Net Microsoft Myth>

-Todd