RE: Windows Server 2003

From: Halverson, Chris (chris.halverson_at_encana.com)
Date: 09/11/03

  • Next message: Pedro RObles: "RE: Executing programs via SYSTEM account (was Re: FW: remote administration via hidden shares)"
    To: 'Chris Wanstrath' <chrisw@cinci.rr.com>
    Date: Thu, 11 Sep 2003 06:58:56 -0600
    
    

    To remove the shutdown feature...

    This was for the .NET server RC2 but I guarantee that it hasn't changed
    since the release...

    http://www.minasi.com/showdoc.asp?docname=nws0212.htm

    Chris

    -----Original Message-----
    From: Chris Wanstrath [mailto:chrisw@cinci.rr.com]
    Sent: Wednesday, September 10, 2003 12:28 PM
    To: security-basics@securityfocus.com
    Subject: RE: Windows Server 2003

    I've been using it since June and my very first impression (and the
    first impression of everyone I've talked to who has used it) is hate for
    the new shutdown feature. You are forced to select a reason you are
    shutting down your computer and if there is an unexpected shutdown, you
    are forced to explain why the computer turned off. Sure, this doesn't
    seem security-related but I think it has everything do with security.
    Microsoft is saying that their system is so secure you won't have to
    almost ever shut it down, and when you do you'd better have a damn good
    reason. I found myself shutting down my server quite frequently in the
    first few weeks, installing software and SQL and such.

    As far as secure by default, I am running the server behind a firewall
    so I don't have the Microsoft firewall or any third party firewall
    setup. I am running an FTP server (IIS), HTTP server (IIS), SMTP
    server, POP3 server, and SQL. I haven't touched any of the default
    security settings because I'm using the 6-month Microsoft evaluation to
    test software on it. It's by no means a primary server, but here is
    what NMap turns up on a portscan with the default security settings...

    Port State Service
    21/tcp open ftp
    25/tcp open smtp
    80/tcp open http
    110/tcp open pop-3
    135/tcp open loc-srv
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    1025/tcp open NFS-or-IIS
    1026/tcp open LSA-or-nterm
    1027/tcp open IIS
    1030/tcp open iad1
    1433/tcp open ms-sql-s
    2105/tcp open eklogin
    3052/tcp open PowerChute
    3389/tcp open ms-term-serv

    Doesn't look like the most secure box in my network, that's for sure.

    --
    Chris Wanstrath : chrisw@cinci.rr.com
    LW Consulting   : www.lw-consulting.com
     
    > -----Original Message-----
    > From: Chris Halverson [mailto:chris.halverson@encana.com]
    > Sent: Wednesday, September 10, 2003 7:38 AM
    > To: security-basics@securityfocus.com
    > Subject: Windows Server 2003
    > 
    > 
    > 
    > What does everyone think of the hype around Windows Server 2003 being
    > 
    > secure by default?   Has anyone implemented one in your environment?
    > 
    > 
    > 
    > 
    > 
    > Chris
    > 
    > 
    >
    ------------------------------------------------------------------------
    --
    > -
    > Captus Networks
    > Are you prepared for the next Sobig & Blaster?
    >  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
    >  - Precisely Define and Implement Network Security
    >  - Automatically Control P2P, IM and Spam Traffic
    > FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
    > http://www.captusnetworks.com/ads/42.htm
    >
    ------------------------------------------------------------------------
    --
    > --
    ---------------------------------------------------------------------------
    Captus Networks 
    Are you prepared for the next Sobig & Blaster? 
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
     - Precisely Define and Implement Network Security 
     - Automatically Control P2P, IM and Spam Traffic 
    FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    Captus Networks 
    Are you prepared for the next Sobig & Blaster? 
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
     - Precisely Define and Implement Network Security 
     - Automatically Control P2P, IM and Spam Traffic 
    FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------
    

  • Next message: Pedro RObles: "RE: Executing programs via SYSTEM account (was Re: FW: remote administration via hidden shares)"