Re: [Full-Disclosure] Microsoft plans tighter security measures in Windows XP SP2

From: yossarian (yossarian_at_planet.nl)
Date: 11/01/03

    To: full-disclosure@lists.netsys.com
    Date: Sat, 01 Nov 2003 00:25:53 +0100
    
    

    > On Fri, 2003-10-31 at 11:12, yossarian wrote:
    > > <snip>
    > > > File and printer sharing is not needed? Remote administration is not
    > > > needed? Maybe not in home use, but in corporate?
    > >
    > > No, sorry Paul. Printers have their own IP address, file and printersharing
    > > was introduced for small networks. But since the mid nineties a network
    > > interface became standard in laserprinters- printersharing became a real non
    > > issue. File sharing: not for workstations, unless you make backups of every
    > > workstation. Not suitable for corporations, user data is corporate property,
    > > needs a back up so MUST be on a server. It is impossible to secure a network
    > > where file and printsharing is common (where is the sensitive info to
    > > secure?) - my personal BOFH way is disable the server service on every
    > > Workstation. And the browser service as well.
    > >
    > What planet are you working on? I have bought 5 printers in the last
    > three years and 2 of those had built-in network cards. The others use
    > "jet-Direct" type interfaces which require software to be installed on
    > the server. You're saying I install this on everyone's workstation so
    > they can connect directly? Uh huh. No file sharing; everything should be
    > stored on a central server. Sure, no problem I'll just go out and drop
    > $100k on a SAN to store it all. *Or* I could take advantage of the fact
    > that every machine I buy comes with at least 40 GB of drive space on it.
    > And I'm sure you're going to suggest thin clients here, so I'll go out
    > and buy a small render farm for my graphics guys to do their 3D work on.

    I usually work for banks and government agencies - yes SAN systems are
    getting fairly normal, nowadays. I think you are in the SoHo market, with 5
    printers in three years, 50 users that develop software - the customer I am
    working for at the moment has some 5000 printers in the network, all HP with
    Jetdirect with an IP address. I am not a printer admin, so I had to check at
    the HP4000 here at home - nope, it runs even when I turn off the server, all
    you do is install IP printing service on the workstations, not
    printersharing which is a NetBios thingie... Yeah, you can install software
    on the server and share the printer to the users, but to use a shared
    resource you do NOT need to install file and printersharing on the
    workstations. Like I wrote - workstations, NOT servers.

    Jetdirect cards are printerservers, at least the ones in HP's. Connecting a
    printer to a PC IMHO makes it a server, albeit a non-ded one - and it is
    utterly useless. I am not into thin clients for power users, but this has
    absolutely no relation to file or printersharing....

    And I do consider the big disks in new 'puters a waste of capacity, but
    since they cost the same as 4GB few years ago, who cares?
    Dunno how it is on the planet you work on, but PC's get stolen on a fairly
    regular basis, so having data on it is considered insecure. No need for
    firewall, superglue is better here.

    And for the SAN thing - I agree people doing rendering takes a lot of disk
    space, but Joe Average User won't need so much storage - maybe 50MB per
    year. With 2000 users per server - who needs a SAN? Unless you allow them to
    store everything - MP3's, holiday snapshots, downloaded software they aren't
    allowed to install anyway, bedroom movies, every previous version of every
    document, etc. Maybe I am getting old, but what is wrong with disk quota? It
    actually increases efficiency, less time needed to find an older document.
    Different with developers, graphic types et al., I know, but the large
    majority of puterusers type word documents, send e-mail and use big apps
    that are serverbased or mainframe based. So no local data.

    > > Remote administration may be needed, I just said it is rarely used, for
    > > various reasons, the foremost being that the support staff don't know sh**t
    > > about the inner workings of windows, MCP or not.
    >
    > Right and what inner workings do I need to know to use my remote patch
    > management software without RPC? It's really handy actually, but then
    > again maybe there's a better way to do it that I'm just too stupid to
    > know about.

    Login script. Daisychaining patches. Basic stuff, really.

    > <snip>
    >
    > Hopefully we can all agree that anything Microsoft can do to attempt to
    > make its O/S more secure is better than the way it is now.
    >
    What is the use of a wrong attempt? A false feeling of security is actually
    more dangerous.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

