nanog mailing list archives
RE: FW: Worms versus Bots now religion host security vs firewall/nat/acl
From: "Smith, Donald" <Donald.Smith () qwest com>
Date: Tue, 4 May 2004 16:47:27 -0600
The goal of the document is clearly stated below. Feel free to read the document and make suggestions (within scope) for improvements. The document is not intended to take the place of hardening XP documents. Today I learned from Sean that the firewall portion of XP sp1 comes up after services are enabled. I will request that information be added to the pdf. I am NOT arguing against firewalls. I like them, I use them, their grrrrrrrrrrrrrrrrrr8! Security in depth is a good idea, one that I support, encourage and practice. Donald.Smith () qwest com GCIA http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC kill -13 111.2
-----Original Message----- From: Rob Nelson [mailto:ronelson () vt edu] Sent: Tuesday, May 04, 2004 4:26 PM To: Smith, Donald; Daniel Senie; Sean Donelan Cc: nanog () merit edu Subject: RE: FW: Worms versus BotsThe goal of this document is help new XP users survive longenough todo their updates. Many of them cant/wont put upacls/nat/firewalls ...but if they follow the steps listed they have a better chance of successfully downloading and updating their new machine thenthey willhave with OUT these steps. It is not meant as a complete XP hardening document. Thereare lots ofdocuments that discuss in detail how to harden windows (xp,nt,2k...).If the person doesn't continue to do acls/nat/firewalls, they'll just get infected after the next hole is discovered. And yes, there are plenty of holes that a firewall/nat box won't fix. Still, better than the user only doing Windows Update on the day of install and never having a firewall... Rob Nelson ronelson () vt edu
Current thread:
- RE: FW: Worms versus Bots now religion host security vs firewall/nat/acl Smith, Donald (May 04)
- <Possible follow-ups>
- RE: FW: Worms versus Bots now religion host security vs firewall/nat/acl Michel Py (May 04)