RE: Items within XP SP2 and Win2003
From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 09/28/04
Date: Tue, 28 Sep 2004 12:58:23 -0400
To: "Renouf, Phil" <Phil.Renouf@tdsecurities.com>, Eric McCarty <eric@lawmpd.com>, larobins@bellatlantic.net, Joe Doyle <joe.doyle@promega.com>, focus-ms@securityfocus.com
Phil,
I am not saying use a host based firewall instead of a dedicated
firewall, rather I propose using a host based firewall in addition to a
dedicated firewall.
Dennis
> -----Original Message-----
> From: Renouf, Phil [mailto:Phil.Renouf@tdsecurities.com]
> Sent: Tuesday, September 28, 2004 12:41 PM
> To: Eric McCarty; Depp, Dennis M.; larobins@bellatlantic.net;
> Joe Doyle; focus-ms@securityfocus.com
> Subject: RE: Items within XP SP2 and Win2003
>
> Additionally, if you have services that are required to be accessed by
> business partners then I would look into creating a business partner
> network and segmenting those services behind a firewall dedicated to the
> business partner network. It is much better to control the access to
> those services by a dedicated firewall like Eric suggests, but if the
> business partners have private links to your network and aren't across
> the internet then I'd look into a firewall for that business partner
> network. Much better to control the security at a location that is
> intended for it and that has a much more robust level of security than a
> Windows Firewall.
>
> Also, in terms of server support it is better to have as few services
> running as possible that aren't related to the primary function of the
> server. That would include a host based firewall.
>
> Not to say that there aren't occasions where a host based firewall makes
> sense on a server, but in most cases it is better to let an actual
> firewall fulfill that request.
>
> Phil
>
> -----Original Message-----
> From: Eric McCarty [mailto:eric@lawmpd.com]
> Sent: Tuesday, September 28, 2004 10:44 AM
> To: Depp, Dennis M.; larobins@bellatlantic.net; Joe Doyle;
> focus-ms@securityfocus.com
> Subject: RE: Items within XP SP2 and Win2003
>
> Who doesn't have a border firewall? Commonly it's router - firewall -
> switch. So you propose to do address filtering on your host based
> firewall? I suggest rethinking this strategy as IP address range
> blocking should be done at the border router or firewall long before any
> Network Translations are done or any traffic traverses the local
> network. I can imagine a plethora of ways to get around host based IP
> restrictions, can't get to server1, take over another machine on
> internal network, then get to server1 and likewise.
>
> Running a host based firewall will not allow an extra layer of security
> if it's doing the same thing the border router/firewall is doing.
>
> In order to browse the internet from the server you will have to add a
> lot of sites to the trusted sites list, and once a site is considered
> trusted it's all over anyway.
>
> -----Original Message-----
> From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
> Sent: Tuesday, September 28, 2004 4:18 AM
> To: Eric McCarty; larobins@bellatlantic.net; Joe Doyle;
> focus-ms@securityfocus.com
> Subject: RE: Items within XP SP2 and Win2003
>
> Eric,
>
> A firewall will not only block services, but it will also selectively
> allow services. For example, I might need to run a web server, but I
> only want users from a business partner to access this site. I can use
> the firewall to limit access to a specific IP address or subnet. In
> this case, a host based firewall can add another layer of security to a
> system. I do agree that you should not be browsing the internet from a
> server. However, some people will continue to browse the internet from
> servers. The enhancements to IE6 with W2K3 will not affect you or me,
> but they will affect many others.
>
> Dennis
>
> > -----Original Message-----
> > From: Eric McCarty [mailto:eric@lawmpd.com]
> > Sent: Monday, September 27, 2004 5:26 PM
> > To: Depp, Dennis M.; larobins@bellatlantic.net; Joe Doyle;
> > focus-ms@securityfocus.com
> > Subject: RE: Items within XP SP2 and Win2003
> >
> > I think this is a contradiction. On a server, you should turn off all
> > services you have no intention of having clients connect to, not setup
> > a firewall to block them. Next you should not be browsing the internet
> > using your server, and if you noticed, the enhanced browser security
> > prevents this for the most part anyway.
> >
> > Eric
> >
> >
> >
> > -----Original Message-----
> > From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
> > Sent: Monday, September 27, 2004 9:27 AM
> > To: larobins@bellatlantic.net; Joe Doyle; focus-ms@securityfocus.com
> > Subject: RE: Items within XP SP2 and Win2003
> >
> > WRT Windows firewall and IE updates.
> >
> > Dennis
> >
> > > -----Original Message-----
> > > From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> > > Sent: Sunday, September 26, 2004 2:38 AM
> > > To: 'Joe Doyle'; focus-ms@securityfocus.com
> > > Subject: RE: Items within XP SP2 and Win2003
> > >
> > > In what respects?
> > >
> > > Laura
> > >
> > > > -----Original Message-----
> > > > From: Joe Doyle [mailto:joe.doyle@promega.com]
> > > > Sent: Wednesday, September 22, 2004 5:38 PM
> > > > To: focus-ms@securityfocus.com
> > > > Subject: RE: Items within XP SP2 and Win2003
> > > >
> > > >
> > > > Not yet. Windows 2003 Service Pack 1 is supposed to bring it up to
> > > > speed with Windows XP SP2.
> > > >
> > > > Joe
> > > >
> > > > -----Original Message-----
> > > > From: James Bowman [mailto:jim@drexel.edu]
> > > > Sent: Sunday, September 19, 2004 9:11 PM
> > > > To: focus-ms@securityfocus.com
> > > > Subject: Items within XP SP2 and Win2003
> > > >
> > > >
> > > >
> > > > Is there a set of hotfixes needed for 2003 that make it comparable in
> > > > features / overall security posture to XP SP2?
> > > >
> > > > Although there's probably a bevy of XP SP2 items embedded in 2003, I
> > > > would imagine there's a bunch that's not...
> > > >
> > > >
> > > >
> > > > Thanks
> > > >