Re: block port scanners & security recommendations

From: Neil Moore-Smith (
Date: 09/19/03

  • Next message: John Huesman: "NT4 and USB?"
    Date: Fri, 19 Sep 2003 21:59:54 +0100

    It depends what you mean by "securing" a machine. The C2 security
    certification used to virtually mean that a system wasn't connected to a
    network, was in a separate room by itself, no diskette drive or CD-ROM.
    Preferably turned off. That was fairly secure.

    Security is a trade-off between ease of use and restrictive 'safeguards'.
    You need to find the right balance for your environment. You have to find
    out whether security is worth it. I'd start by asking what the cost of being
    hacked is. It's probably higher for an e-commerce website than a web server
    serving static pages of public domain information, so its sensible to
    consider spending more time and money securing the e-commerce site.

    How 'tight' do you want your server to be? You could replace IIS with a
    hardened commercial web server. You could shut off all ports except 80, but
    then it would be a pain to administer.

    Have you looked at Microsoft's security website? They have some good
    principles and checklists of the main areas.


    "jonezy" <> wrote in message
    > is there software like portsentry thats available for windows 2000 server?
    > can someone also recommend some good software and sources for securing
    > windows 2000 server and iis?
    > TIA

  • Next message: John Huesman: "NT4 and USB?"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #164
      ... Got Storage Security Risks? ... MICROSOFT VULNERABILITY SUMMARY ... Chat Client FTP Server Default Username Credential Weak... ... NetServe Web Server is a compact web server for Microsoft Windows ...
    • Re: im being held in memory
      ... How can I harden my computer or server to secure it from hackers? ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    • Re: Mac Server Hacked In Less Than 6 Hours
      ... Windows has RAS, and for it is built in since NT 3.1 ... | A typical IIS box and this Mac are not the same thing so the comparison ... IIS has been subject to quite a few bugs and so have ... Security isn't a proprietary attribute. ...
    • Re: been hit by hacker, servudaemon installed
      ... security patching on iis 4.0 ... security fixes into the new version. ... >install all service packs and patches from Microsoft, ... >>>Windows, Apache, you name it. ...
    • MS and security: good effort but no cigar
      ... build upon the progress it's already made in security. ... The low-hanging fruit of millions of insecure Windows machines ... Then there's the issue of poorly secured server applications. ... and execute external virus and filtering ...