Re: Workstation security question

From: H C (keydet89@yahoo.com)
Date: 06/04/02

• Previous message: Marc Fossi: "Administrivia"
• In reply to: jradtke@admin1.umaryland.edu: "Workstation security question"
• Next in thread: Kit: "RE: Workstation security question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 4 Jun 2002 07:42:27 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: jradtke@admin1.umaryland.edu, focus-ms@securityfocus.com

The question regarding f/ws on each workstation isn't
so much "should we", but "how would we manage
something like that"?

Strong password policies on all the systems, w/
auditing and logging enabled, along with a defense in
depth security posture w/ monitoring and verification
of systems should obviate the need for the personal
firewalls.

Verifying the systems is relatively easy...using
either RK utilities or Perl scripts, you can go to
each machine and verify that local accounts haven't
been added, that auditing is still enabled and
configured to specs, etc.

--- jradtke@admin1.umaryland.edu wrote:
>
>
> We have a LAN with a mix of Win2000 and WinNT4
> (phasing out the NT4)
> workstations.
>
> The only local user account on the workstation is
> the admin account. The
> local admin account has no rights on the domain.
> Users are authenticated
> through their domain accounts.
>
> We have a campus wide firewall.
>
> Should we be concerned enough about someone hacking
> into the workstations
> and then tapping into our servers to put software
> based firewalls at each
> workstation.
>
> I would like to thank all of you in advance.
>
> Jason

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

---

• Previous message: Marc Fossi: "Administrivia"
• In reply to: jradtke@admin1.umaryland.edu: "Workstation security question"
• Next in thread: Kit: "RE: Workstation security question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Trust relationship between this workstation and Primary Domain ... it, with a new computer ID, a new workgroup ID, but again to no avail. ... password policy, renamed admin account, automatic updates are controlled by ... * PLEASE post all messages and replies in the newsgroups ... "Workstation ... (microsoft.public.win2000.networking) Re: Re-Post - "the trust relationship between this workstation and ... account is NEW to the workstation. ... needs admin group priv at workstation level. ... only problem is adding a new user account on the station. ... This would be on the DNS server 172.20.100.2 ... (microsoft.public.windows.server.active_directory) Re: Re-Post - "the trust relationship between this workstation and ... "the trust relationship between this workstation and the primary domain ... only problem is adding a new user account on the station. ... The DNS Zone for your AD Domain must be DYNAMIC, ... Client computer must use STRICTLY the INTERNAL DNS server which can ... (microsoft.public.windows.server.active_directory) Joining NT4 to a Windows 2000 domain; secure channel prob? ... Trying to logon with a domain account pops up the error: ... The trust relationship between this workstation and the primary ... Searching PDC for domain MYDOMAIN ... ... (microsoft.public.windows.server.active_directory) Re: Re-Post - "the trust relationship between this workstation and ... There were no logged events in either the DC or workstation. ... DC/DNS Server - DCDiag ... Attr: subschemaSubentry ... only problem is adding a new user account on the station. ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2002-06