RE: Security templates and settings in Windows XP

IMO, it's just a matter of doing your homework, really. The bypass traverse
issues were only due to the fact that certain admins didn't research it
before implementing. The MS Security Templates are often much improved when
adding bits and pieces of your own, (making your own ADM files or altering
existing ones.) MS defaults don't hold a lot of water much of the time but
are certainly good things to use if you're just learning active directory,
etc.

If you want to make sure users are not using QoS, just disable it using
group policy object> computer config>admin template>network>QoS packet..

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa@xxxxxxxxxxx]
Sent: Wednesday, December 28, 2005 4:16 PM
To: Bill Busby
Cc: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Security templates and settings in Windows XP

And I'd follow the MS security templates... which are tested with their
patches.

Remember the issues with 05-051 [bypass traverse] occurred because admins
deviated from MS security guidance and didn't test.

Bill Busby wrote:

>In setting up Windows XP and securing XP, NIST and SANS recomend
>disabling QOS from XP. I am trying to find a registry key that for QOS
>so that this setting can be checked remotely. Does anyonw know of such
>a key?
>
>This is one of the steps towards securing Windows XP.
>
>Thanks,
>
>William
>
>
>
>
>__________________________________
>Yahoo! for Good - Make a difference this year.
>http://brand.yahoo.com/cybergivingweek2005/
>
>-----------------------------------------------------------------------
>----
>-----------------------------------------------------------------------
>----
>
>
>
>

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com


---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • [Full-Disclosure] Full-Disclosure] Anti-MS drivel
    ... I just have to say that Microsoft is working on higher and tighter security ... [Windows XP Service Pack 2] ... simply they dontīt even know that there is a patch available! ... *nix admins patch regulary but some windows admins) donīt - ...
    (Full-Disclosure)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • Re: The Myth of the secure Mac
    ... OEM Windows XP Home goes for a bit under $100. ... >> secure than Home. ... Though this really has nothing to do with security. ... Microsoft counts on third-party developers to provide more ...
    (comp.sys.mac.advocacy)
  • SecurityFocus Microsoft Newsletter # 149
    ... MICROSOFT VULNERABILITY SUMMARY ... EveryBuddy Long Message Denial Of Service Vulnerability ... Intellitactics Network Security Manager ... Windows operating systems. ...
    (Focus-Microsoft)