RE: What server hardening are you doing these days?
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 11/15/05
- Previous message: Laura A. Robinson: "RE: On the topic of Windows Hardening"
- In reply to: Kurt Dillard: "RE: What server hardening are you doing these days?"
- Next in thread: Thomas W Shinder: "RE: What server hardening are you doing these days?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Kurt Dillard <Kurt.Dillard@microsoft.com>
Date: Tue, 15 Nov 2005 16:02:51 +0000
On Mon, 2005-11-14 at 06:18 -0800, Kurt Dillard wrote:
> The problems that arise from changing ACLs
> on OS components are the unforeseen consequences that arise, as
> illustrated by the problems from a recent patch already mentioned in
> this thread.
This is the attitude towards security I don't agree with. There should
never be a compromise on security due to "unforeseen circumstances" in a
system (OS or other application).
It should be assumed that at some point a user may want to remove access
to each and every Active Directory object, file, registry key and hard
drive block, and the effects of that should be studied - even if it won't
be recommended to do so. I do understand that by virtue of this there
would have to be more open information about a system's inner workings;
we should not, however, accept these limitations without question. This is
one of the many arguments for open-source software and is one that I
personally don't see addressed by any security guide or documentation.
Vendor provided guidelines are all well and good but there are occasions
where users want to take it further (which the cited example has shown).
Whilst I fully understand that the vendor shouldn't be expected to
support such a configuration, I do believe that they should at least
admit that it's a possibility and provide information on the possible
issues involved in it. If the user finds themselves fully informed of
the ramifications, only then are they in a position where they can
decide whether or not to accept the risk.
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
- application/x-pkcs7-signature attachment: smime.p7s