RE: Securing windows XP
From: Brad Judy (judy@colorado.edu)Date: 01/15/02
- Previous message: k: "RE: Securing windows XP"
- In reply to: k: "RE: Securing windows XP"
- Next in thread: k: "RE: Securing windows XP"
- Reply: k: "RE: Securing windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brad Judy" <judy@colorado.edu> To: <trade.your.little.sister.for.crack@ondrugz.com> Date: Tue, 15 Jan 2002 13:04:43 -0700
Of course you are correct that there are resources for security, and once
past the new GUI most items are just like W2K.
I intended to point out that there are great differences in some areas that
are not well documented and that the Home edition has particular quirks.
Pro is definitely best for IT work, but the original post inquired about
both versions.
To provide some fruitful information on Windows XP security, I just did some
KB searching
and came up with these articles:
-Description of File Sharing and Permissions in Windows XP (Q304040)
-HOW TO: Disable Simplified Sharing and Password-Protect a Shared Folder
(Q307874)
-How to Set Security in Windows XP Professional That Is Installed in a
Workgroup (Q290403)
-HOW TO: Set, View, Change, or Remove File and Folder Permissions (Q308418)
-HOW TO: Set, View, Change, or Remove Special Permissions for Files and
Folders (Q308419)
-HOW TO: Enable the Internet Connection Firewall Feature in Windows XP
(Q283673)
MS has yet to provide and Windows XP specific security checklists or best
practices, although the Windows 2000 are generally applicable as pointed
out.
Personally I will definitely check out the books noted for any security
information, but I I definitely don't concede that one should just throw up
a firewall and give in to poor security, perhaps because I work in an
environment without firewalls. I am concerned with the security information
available for users of Windows XP Home edition, and I hope MS does more
documentation on this piece of information.
Brad Judy
Information Technology Services
University of Colorado at Boulder
> -----Original Message-----
> From: k [mailto:tattooman@scott.culp.should.read.1984.while.ondrugz.com]
> Sent: Tuesday, January 15, 2002 5:20 PM
> To: Brad Judy
> Cc: focus-ms@securityfocus.com
> Subject: RE: Securing windows XP
>
>
>
> On Tue, 15 Jan 2002, Brad Judy wrote:
>
> > Actually I have found that this document falls short of describing the
> > differences in managing security in Windows XP, especially the
> Home edition.
>
> Right. The document was designed to be a general overview. Once you
> actually get ready to start rolling out Windows XP, you need to have the
> following books on hand:
> Windows XP Professional Resource Kit
> Windows XP Professional Administrator's Pocket Consultant
> Windows XP Inside Out
>
> > In what was presumably an effort by MS to protect home users from
> > themselves, many security settings in Windows XP Home are not accessible
> > through the GUI without special steps. Most notably, one must
> reboot into
> > safe mode to access the security tab on NTFS drives (although
> command line
> > tools like xcacls still work in normal mode).
>
> Windows XP Home Edition of course should not be used in office
> environments, or on mission critical systems (neither should XP Pro). XP
> HE was installed on a computer I bought recently for home use - after 15
> minutes, I realized that I needed to upgrade to XP Pro if I cared about
> the security of my data. I quickly came to the conclusion that even
> securing XP Pro is a futile endeavor. The only real solution is to throw
> a PIX in front of it, and resign yourself to the fact that local users
> can and will destroy the box. At least you now have the option to
> utilize System Restore after a Power User trashes the system.
>
> Limited User accounts are completely worthless - they are too limited to
> have any usefulness at all. The Local Security Policy options are
> rudimentary at best too. ICF is a nice feature.
>
> > The new restrictions on configuring file sharing (including the
> new "simple
> > file sharing" mode) can also cause a number of headaches when
> configuring
> > Windows XP.
>
> Simple File Sharing is evil. Many of the security issues with XP, just as
> with all previous versions of Windows, are associated with the default
> settings and configuration.
>
> > I have not yet found a good resource on the changes to managing security
> > under Windows XP, but would be glad to see one posted.
>
> I think the best solution is to check out the following MS links:
>
> Tools & Checklists - www.microsoft.com/technet/security/tools/tools.asp
> Best Practices - www.microsoft.com/technet/security/bestprac/bestprac.asp
>
> Use the info and tools there there to create a relatively secure loadset,
> and then delve into the XP Resource Kit documentation to iron out
> the details.
>
> k
>
> > Brad Judy
> >
> > Information Technology Services
> > University of Colorado at Boulder
>
- Previous message: k: "RE: Securing windows XP"
- In reply to: k: "RE: Securing windows XP"
- Next in thread: k: "RE: Securing windows XP"
- Reply: k: "RE: Securing windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
