Re: Win2K Security & Firewall - long post
From: ClareOldie (ClareOldie_at_nowhere.ie)
Date: 11/05/03
- Next message: ERACC: "Re: Anyone - M$ Term Server behind iptables? SOLVED"
- Previous message: Chuck: "Re: Newbie Firewalls?"
- In reply to: Duane Arnold: "Re: Win2K Security & Firewall - long post"
- Next in thread: Jodie: "Re: Win2K Security & Firewall - long post"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 5 Nov 2003 21:04:09 -0000
Duane Arnold wrote:
> "ClareOldie" <ClareOldie@nowhere.ie> wrote in
> news:u%wpb.3923$bD.15500@news.indigo.ie:
>
>> I have been of late urging just about anyone who would listen, to
>> look at implementing an IPSec policy on Win2K for extra security.
>> Today I went a stage further and did a fresh installation of Win2K,
>> SP4 for test purposes. No security measures were taken except to
>> install an IPSec policy, - no firewall, no router, no
>> processes/services disabled, not even an antivirus prog. No servers
>> installed by me. I wanted the installation to be as basic as poss
>> with the one exception, IPSec. All my needs were allowed for in
>> IPsec rules = browsing, e-mail, programme updates, and
>> downloads(FTP).
>> I then went to GRC ShieldsUp site to check the security of the
>> installation. Result:
>> A few ports were stealth, one was open (1025) and the
>> rest were
>> closed.
>> I logged off and inserted a new rule into IPSec to block 1025 and
>> went back online again where I repeated the test.
>>
>> Result:
>> All ports tested as stealth (the first 1056). The Green
>> Light!!!!!
>>
>> While I accept that other installations will differ and indeed may
>> have different ports open at the first test (who knows?) the fact
>> remains that I was with considerable ease able to stealth my
>> computer. Why in the name of security is such a policy not activated
>> as a default at installation?
>
>> Why have MS not urged people to implement an IPSec policy as a
>> defence against the latest port probes?
>
>> Why the silence about something that is built into the OS?
>
> What silence? There is Chapter 18 Implemeting TCP/IP Security in the
> Windows XP Pro Resource Kit book. It talks all about this topic for XP
> and Win2k on how to implement it.
>
>> What the heck is going on? Who is benefiting from this silence?
>> It's not you and me (IMO). Maybe it would block reports to MS? I
>> don't know! For anyone interested, I used the AnalogX Server IPSec
>> policy and deselected all server rules and selected client rules for
>> those items that I use. Besides this I added one rule as mentioned
>> above. I have not figured out why this new rule was needed. It would
>> be nice to know why, but I am not going to spend any time finding
>> out. If anyone knows I would be glad to hear why. This is the link
>> to AnalogX which also has some very useful links
>> http://www.analogx.com/contents/articles/ipsec.htm
>
> I don't have a Win 2k Pro Resource Kit book, but I would venture to
> guess that it's in the book.
>
> What I find interesting with XP Pro is its ability to set Software
> Restriction Policies which allows policies to be set that prevent
> unwanted applications, such as virus or other harmful software, from
> running.
>
> Software Restrictions
> Internet Connection FW
> TCP/IP Security
>
> What's MS trying to do -- protect the machine? :)
>
> Duane :)
>
>
> Duane
Quite a lot of users of Win2K are not "professionals" and don't have a
Resourse Kit Book.
I for one have never seen one nor do I personally know anybody who has one,
yet I know people who use Win2K. I was not intending this for professional
users.
Seán
- Next message: ERACC: "Re: Anyone - M$ Term Server behind iptables? SOLVED"
- Previous message: Chuck: "Re: Newbie Firewalls?"
- In reply to: Duane Arnold: "Re: Win2K Security & Firewall - long post"
- Next in thread: Jodie: "Re: Win2K Security & Firewall - long post"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
