Re: FAQ - READ BEFORE POSTING
From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 12/04/02
- Next message: Ned Flanders: "Re: FAQ - READ BEFORE POSTING"
- Previous message: msnews: "Re: Web Page"
- In reply to: Karl Levinson [x y] mvp: "FAQ - READ BEFORE POSTING"
- Next in thread: Ned Flanders: "Re: FAQ - READ BEFORE POSTING"
- Reply: Ned Flanders: "Re: FAQ - READ BEFORE POSTING"
- Reply: Karl Levinson [x y] mvp: "Re: FAQ - READ BEFORE POSTING"
From: "Drew Cooper [MS]" <dcoop@online.microsoft.com> Date: Wed, 4 Dec 2002 12:50:45 -0800
In a word: Wow!
Being a tester, I have to nitpick, though. It's just my nature . . .
From section 4.7:
"Note that if someone has physical access to your computer, and your
computer is not joined to a domain, that person can potentially read your
encrypted files by renaming or otherwise modifying the SAM file to gain
access to the Administrator account. With any Microsoft or non-Microsoft
operating system, there is no security without physical security."
On Windows 2000, this is only true if SYSKEY is not used in offline mode.
Granted, this is the most common scenario. Who wants to remember yet
another password or carry around a floppy just to log on?
On Windows XP (and soon .NET Server) it's only true for files encrypted in
machine context and only true if SYSKEY is not used in offline mode. EFS
sorta breaks one of the "immutable" laws of security.
I very much enjoyed your FAQ. I'll forward it to some of the other security
geeks to see if they have feedback for you, too.
--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:eXhLcDhmCHA.1916@tkmsftngp07...
> FAQ - READ BEFORE POSTING
>
> Before you post a question to a Microsoft.public.*.security newsgroup, you
> should see the following collection of answers to common questions:
>
> http://securityadmin.info/faq.htm
>
> In many cases, you will be able to find the answer to your question
> *immediately,* with no waiting, by searching this web page. Searching this
> page before posting can also help you reduce the amount of spam in your
> email inbox, since posting questions to this newsgroup can sometimes
> broadcast your email address.
>
> Long-time readers of this newsgroup are certainly welcome to post links to
> this FAQ when answering questions, so that you might spend less of your time
> answering common questions.
>
> Other URLs that might be helpful include:
>
> http://securityadmin.info/faq.htm#password [resetting a forgotten
> Windows 2000/XP/NT password]
> http://securityadmin.info/faq.htm#attachments [disabling the Outlook
> feature that blocks unsafe attachments]
> http://securityadmin.info/faq.htm#pop-ups [how to block pop-ups
> including Messenger pop-ups & adware]
> http://securityadmin.info/faq.htm#contentadvisor [how to remove the IE
> Content Advisor password]
> http://securityadmin.info/faq.htm#hacked [how to investigate and discover
> possible hacking / intrusions]
> http://securityadmin.info/faq.htm#re-secure [how to re-secure a computer
> /server that has been hacked]
> http://securityadmin.info/faq.htm#harden [how to harden / secure a
> Windows computer or IIS server]
> http://securityadmin.info/faq.htm#virus [antivirus and antitrojan
> programs; how to deal with viruses and trojans]
> http://securityadmin.info/faq.htm#startup [inspecting and disabling
> unwanted programs that launch with Windows]
> http://securityadmin.info/faq.htm#firewall [firewall, IDS, IPsec and
> packet filtering technologies]
> http://securityadmin.info/faq.htm#encryption [file and disk encryption
> software]
> http://securityadmin.info/faq.htm#efs [questions regarding EFS
> encryption, including EFS file recovery]
> http://securityadmin.info/faq.htm#spam [spam prevention software and
> techniques]
> http://securityadmin.info/faq.htm#auditing [enabling Windows auditing]
> http://securityadmin.info/faq.htm#trace [how to investigate a
> suspicious IP address]
> http://securityadmin.info/faq.htm#reporthacker [how to report a hacking
> event]
> http://securityadmin.info/faq.htm#portscanner [port scanners and
> vulnerability scanners]
> http://securityadmin.info/faq.htm#contentfilter [ways to filter / block /
> monitor internet browsing of objectionable content]
> http://securityadmin.info/faq.htm#ftpfolder [how to delete a hacker's
> FTP folder that cannot be deleted normally]
> http://securityadmin.info/faq.htm#banner [how to change the banner
> used by various services including IIS web server]
> http://securityadmin.info/faq.htm#urlscan [questions and problems
> with IIS URLScan]
> http://securityadmin.info/faq.htm#runas [using RUNAS to launch
> programs as Administrator with no password, and allow users to change IP
> address or run defrag]
> http://securityadmin.info/faq.htm#moreinfo [resources for further
> information and tools]
> http://securityadmin.info [resources for
> further information and tools]
>
> Note that this is NOT a full list of all the questions answered in the FAQ.
>
> HTH. Feedback, suggestions and criticism regarding the FAQ are welcome and
> may be emailed to me.
>
> kind regards,
> Karl Levinson, CISSP, MCSE, MVP
> email: levinson_k@excite.com