RE: Windows 2003 Server - MS Rulez?

• Previous message: Nina V. Levitin: "RE: Windows 2003 Server - MS Rulez?"
• In reply to: Kelly Fuller: "RE: Windows 2003 Server - MS Rulez?"
• Next in thread: Jimi Thompson: "Re: Windows 2003 Server - MS Rulez?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Kelly Fuller'" <kelly@ccgsecurity.com>, "'Street'" <streetseeker@mail.ru>, <focus-ms@securityfocus.com>
Date: Fri, 23 May 2003 18:34:45 -0400

Actually, if the hash rule were being used to restrict software in the
presence of an allow by default policy, all one would have to do is bring in
a different version of the software. Where a hash rule is appropriate is in
allowing software under a disallow by default policy.

Laura

> -----Original Message-----
> From: Kelly Fuller [mailto:kelly@ccgsecurity.com]
> Sent: Friday, May 23, 2003 4:02 PM
> To: Street; focus-ms@securityfocus.com
> Subject: RE: Windows 2003 Server - MS Rulez?
>
>
> The hash (most commonly MD5 or SHA) is known as a one-way
> algorithm and is very difficult to reverse. I would think
> this method is rather secure in that respect.
>
> Kelly B. Fuller
> Network Security Engineer
> Continental Consulting Group
>
>
>
>
> -----Original Message-----
> From: Street [mailto:streetseeker@mail.ru]
> Sent: Friday, May 23, 2003 6:02 PM
> To: focus-ms@securityfocus.com
> Subject: Windows 2003 Server - MS Rulez?
>
>
> Hello list. Today I have attended to official presentation of
> Microsoft Windows 2003 Server. And the representatives of
> Microsoft gave to my organisation an evaluation version of
> 2003 Server. That thing looks very secure, i.e. known methods
> of attack did not gave a damn thing. Also I learned an
> interesting feature - prohibition of launch of any program is
> not made by its exe name - it makes a hash from the body of
> program and politics are applied using this hash. I wonder
> whether this method is secure and if there are any ways to defeat it.
>
> Any thoughts? Thank you in advance.
>
> --
> Best regards,
> Street mailto:streetseeker@mail.ru
>
>
> --------------------------------------------------------------
> ----------
> -----
> *** Wireless LAN Policies for Security & Management - NEW White Paper
> *** Just like wired networks, wireless LANs require network
> security policies that are enforced to protect WLANs from
> known vulnerabilities and threats.
> Learn to design, implement and enforce WLAN security policies
> to lockdown enterprise WLANs.
>
> To get your FREE white paper visit us at:
> http://www.securityfocus.com/AirDefense-focus-ms
> --------------------------------------------------------------
> ----------
> ------
>
>
> --------------------------------------------------------------
> ---------------
> *** Wireless LAN Policies for Security & Management - NEW
> White Paper *** Just like wired networks, wireless LANs
> require network security policies that are enforced to
> protect WLANs from known vulnerabilities and threats.
> Learn to design, implement and enforce WLAN security policies
> to lockdown enterprise WLANs.
>
> To get your FREE white paper visit us at:
> http://www.securityfocus.com/AirDefense-focus-ms
> --------------------------------------------------------------
> ----------------
>

-----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-focus-ms
------------------------------------------------------------------------------

• Previous message: Nina V. Levitin: "RE: Windows 2003 Server - MS Rulez?"
• In reply to: Kelly Fuller: "RE: Windows 2003 Server - MS Rulez?"
• Next in thread: Jimi Thompson: "Re: Windows 2003 Server - MS Rulez?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]