Re: Outpost blocks everything
From: Duane Arnold (Notme_at_Notme.com)
Date: 08/31/05
- Next message: jimbrell_at_gmail.com: "Re: Applying iptables firewall rules: iptables-restore: line 19 failed"
- Previous message: Volker Birk: "Re: Applying iptables firewall rules: iptables-restore: line 19 failed"
- In reply to: Volker Birk: "Re: Outpost blocks everything"
- Next in thread: Volker Birk: "Re: Outpost blocks everything"
- Reply: Volker Birk: "Re: Outpost blocks everything"
Date: Wed, 31 Aug 2005 10:45:24 GMT
"Volker Birk" <bumens@dingens.org> wrote in message
news:4315637a@news.uni-ulm.de...
> Duane Arnold <notme@notme.com> wrote:
>> http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
>
> Nice list. But when I'm reading it, I notice, that this list contains
> completely other topics than Torsten's list. And some of them are not
> OK; here are a few of them:
>
> They're recommending "Personal Firewalls" because of stopping outbound
> connections. They're ignoring the fact, that there is a simple proof,
> that this does not work.
I cannot disagree. I don't have too much faith in them either, and most home
users use them like crutches with the Application Control and whatnot that
can be beaten at boot before the 3rd party solutions can even get to the
TCP/IP connections and stop anything, which is one thing the XP FW will do:
protect the TCP/IP at boot.
However, the solutions are out there and they provide some protection at the
machine level for what it's worth. :)
>
> For stopping simple file sharing on Windows XP HE, they have no
> solution, while Torsten explains, how to stop file sharing at all.
I'll have to look into the solution for SFS on XP Home.
>
> What they're writing about passwords, is doubtable. It seems, that they
> did not understand the problem. BTW: the basic goal in choosing a
> password must be and only must be to have enough entropy in the password,
> so that it's very unlikely to guess it right, and it's impossible to
> brute force it in a realistic time frame. Also passwords with lesser
> entropy, which are eight characters long or even longer, are not
> secure. And no cracking program starts at eight characters, because
> this would be sensible in any way. The shorter passwords usually can
> be brute forced any way, because they cannot contain enough entropy
> to deny that.
Hey, most users don't do anything in this area, period, but at least they are
being made aware that they should do something, and most users flat-out don't
do anything.
>
> They're suggesting the reader, that SRP could stop Viruses and Trojan
> Horses from running, which is misleading.
I don't use it and that's why I use something like Active Ports to watch
connections along with Process Explorer and look around for myself from time
to time when I was into using something like BlackIce. I don't like any
tools such as SRP to stop anything at the machine level and will go to the
O/S to stop execution on the NT based O/S using NTFS.
BTW, Active Ports was the application that showed me that Application
Control in PFW solutions was being beaten at boot and logon, as AP was in
the Start Folder and was clearly showing that connections were being made,
and it was over before the PFW solution could get there. I tested most of
the solutions and none of them could do it.
>
> With disabling the default shares, no-one is gaining extra security.
> In the text we're told, that IPC$ keeps working.
I don't do it and the only thing I do is use Authenticated Users on shares
that I create and remove all other accounts off the share.
>
> Instead of doing that, one could stop SMB/CIFS/NetBIOS services, like
> Torsten's script. Then there are no shares left. In a network, where
> those services should be offered, offering standard shares also makes
> no security problems, because they only can be used by administrators.
I'll have to look into it.
>
> The advice, to consider biometric devices instead of passwords, is just
> misleading. Most of the finger print devices for example can be fooled
> with just a gummi bear. And in the same category they're sorting smart-
> cards in, which can be highly secure. But the reason, with which they're
> recommending SmartCards, is strange: because users write their passwords
> on sheets of paper. And their SmartCard pins? And what's with the
> SmartCards themselves?
I don't know; I don't mess with such things.
>
> I have the feeling, that this text is the usual collection of factoids,
> sorry.
>
The link may not be the best, but it's better than nothing, and most home
users don't know any of it. It's just an informational link as far as I am
concerned, and to me that's what counts: information being passed.
I had another link that was better, out of England, but it went off the air
for some reason a while back.
However, when I wanted to know more about securing a machine using the
Windows NT platform along with what was happening with the XP O/S, I
purchased the MS Windows Security Resource Kit and Windows XP Professional
Resource Kit books, which had lots of scripts on CD(s). :)