Re: Zonealarm and localhost
From: Duane Arnold (notme_at_notme.com)
Date: Fri, 18 Jun 2004 16:57:29 GMT
Klassen@UVic.CA (Melvin Klassen) wrote in
> On Fri, 18 Jun 2004 11:22:23, Duane Arnold <email@example.com> wrote:
>> One shouldn't connect a machine with a Web service directly to the
What's so funny about it? Most who are interested in securing a Web
server would have an appliance in front of the machine.
So, with the Web server machine connected directly to the Internet, how
would one stop a DoS attack being ran on the Web server? Would the PFW
and the O/S use all the machine's resources trying to stop the attack?
Oh, may be one just un-plugs it right? <g> But what if there was an
appliance in front of the machine and one could set rules based on the IP
(s) doing the attack and stop it at the appliance and it never reaches
the Web server machine and O/S (ME couldn't deal with it anyway - crash
and burn - crash and burn) to stop it?
>> What security from an O/S standpoint can be implemented on the Win ME
> Follow a SANS recommendation: don't run unneeded service.
> (Remove NETBIOS'; disable "File and Print Sharing"; disable UPNP.)
And you're going to quote a SANS' recommendation -- that is too funny as
> Of course, apply all the Microsoft security-patches.
> (Plan to switch to another O.S. after the end of the product
> for Windows ME, in 2007.)
> Obviously, don't run Microsoft IIS -- find some other web-server.
There is nothing wrong with running IIS on a properly secured NT based
O/S. There are certainly plenty of links and books on the how-to(s).
So you're going to use a MS Windows ME *crash prone* three sheets to the
wind no security whatsoever O/S to run a Web server -- that is too funny.