Re: Windows Server 2003

From: Steve (securityfocus_at_delahunty.com)
Date: 09/11/03

  • Next message: Ansgar Wiechers: "Re: Windows Server 2003" 
    To: "Andrew Ruef" <jabberwocky@mediasoft.net>, "'Krill T'" <kirill@sdf.lonestar.org>
Date: Thu, 11 Sep 2003 17:28:53 -0400

    Microsoft ran a great webinar for the Network Professional Association (NPA)
    solely on the topic of Windows 2003 Server security. I know some of you
    would say "that must have been a short seminar". But it was really
    fantastic and went into deep detail about the improvements to security
    Microsoft has implemented in Windows Server 2003 as well as the amount of
    time they put into that effort. I believe that it is much more secure than
    previous versions of the Windows network operating system. You can still
    view that mshow presentation, use this URL and click on the welcome screen
    when it comes up, ignore how it notes the show starts at 2:30pm PST. It
    also takes like 5 minutes to get past the first screen introductions and
    information about the presenters, but it is worth it.
    http://invite.Mshow.com/signon.asp?Cobrand=100&usertype=0&ShowNum=106142

    The presentation covered Microsoft's enhanced effort to identify possible
    fail points and exploitable weaknesses. Topics included: Security Benefits,
    Group Policy Enhancements, Authentication, Object-based Access Control,
    Security Policy, Auditing, Active Directory and Security, Data Protection,
    Network Data Protection, Public Key Infrastructure (PKI), and Trusts.

    (NPA members received Windows Server 2003 Enterprise Edition with 25 CALS
    for free, still available right now as well for new members, pretty nice
    benefit)

    ----- Original Message -----
    From: "Andrew Ruef" <jabberwocky@mediasoft.net>
    To: "'Krill T'" <kirill@sdf.lonestar.org>
    Cc: <security-basics@securityfocus.com>
    Sent: Wednesday, September 10, 2003 10:48 PM
    Subject: RE: Windows Server 2003

    Yes, actually. Many ideas. Starting with patching.

    I have a windows 2003 vmware machine as a test domain controller and
    another up as a test domain name server right now and neither of them
    were successfully infected by msblast or kaht2. Granted I don't have any
    code for the new rpc vuln but I patched for that an hour ago so I should
    be fine too.

    I think what he means is, in windows 2000 server and advanced server, it
    would install with IIS running by default, with a default FTP, HTTP and
    SMTP server running. Although maybe those were install options too. It
    wouldn't surprise me if I was wrong.

    But in Windows 2003 you install no services when you install the OS. You
    must add them when you are in the operating system. Which is I believe
    what he meant.

    Then again I am also very stupid.

    Andrew Ruef

    -----Original Message-----
    From: Krill T [mailto:kirill@sdf.lonestar.org]
    Sent: Wednesday, September 10, 2003 10:15 PM
    To: Andrew Ruef
    Cc: security-basics@securityfocus.com
    Subject: RE: Windows Server 2003

    Helo !

    Win 2003 isn't secure by default !
    I catched MsBlast via RPC in win 2003

    Same happend with several WinXP boxes.

    Any ideas?

    Best regards,

    Kirill I. Tavobilov

    Unix SysAdmin
    Chief Security Engineer
    Omsk State Customs

    customs@omsknet.ru
    www.customs.ru

    On Wed, 10 Sep 2003, Andrew Ruef wrote:

    > Date: Wed, 10 Sep 2003 16:33:38 -0400
    > From: Andrew Ruef <jabberwocky@mediasoft.net>
    > To: security-basics@securityfocus.com
    > Subject: RE: Windows Server 2003
    >
    > Secure in the same way OpenBSD is, Windows 2003 dosen't run any
    services
    > by default.
    >
    > Andrew ruef
    >
    > -----Original Message-----
    > From: Chris Halverson [mailto:chris.halverson@encana.com]
    > Sent: Wednesday, September 10, 2003 8:38 AM
    > To: security-basics@securityfocus.com
    > Subject: Windows Server 2003
    >
    >
    >
    > What does everyone think of the hype around Windows Server 2003 being
    >
    > secure by default? Has anyone implemented one in your environment?
    >
    >
    >
    >
    >
    > Chris
    >
    >
    >
    ------------------------------------------------------------------------
    > ---
    > Captus Networks
    > Are you prepared for the next Sobig & Blaster?
    > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
    > - Precisely Define and Implement Network Security
    > - Automatically Control P2P, IM and Spam Traffic
    > FIND OUT NOW - FREE Vulnerability Assessment Toolkit
    > http://www.captusnetworks.com/ads/42.htm
    >
    ------------------------------------------------------------------------
    > ----
    >
    >
    >
    ------------------------------------------------------------------------ 

    ---
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
>
------------------------------------------------------------------------
----
>
>
kirill@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
  • Next message: Ansgar Wiechers: "Re: Windows Server 2003"

    Relevant Pages

    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.windows.server.sbs)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.windows.server.sbs)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz2000)