Re: Domain security and dial-up
From: Linda (0203_at_comcast.net)
Date: 05/01/03
- Next message: fred: "deletion of attachments"
- Previous message: Dmitry Korolyov: "Re: Member Server Login Slow DMZ-Internal Subnet"
- In reply to: Steven L Umbach: "Re: Domain security and dial-up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 May 2003 15:36:01 -0600
Thanks!!! Just the kind of information that I was looking for.
Linda
"Steven L Umbach" <sumbach@ameritech.net> wrote in message
news:ZFasa.6124$%_3.4177467@newssrv26.news.prodigy.com...
> They probably would not have a direct route to the server, since
the
> users dialing into the internet would be assigned a public ip address for
> that connection and AFAIK W98 computers will not route between networks.
But
> there still are risks, especially if you have file and print sharing
enabled
> on those dial up computers. A hacker may be able to guess user
> name/passwords and access/modify share on that computer, and then know a
> user name password for the domain. W98 uses weak lm authentication which
can
> easily be cracked. It would be wise to put personal firewalls on those
> computers to block all inbound access (except connections initiated by lan
> computer). I use Kerio, and the configuration for it can be password
> protected so user can not change it to run their chat program, etc. Of
> course on a W98 computer it can be very difficult to keep a knowledgeable
> user from uninstalling/disabling a personal firewall. W98 is basically
very
> unsecure. Also look into installing Active Directory Client on W98
computers
> and modifying the registry to force them not to use lm authentication, and
> possibly use smb signing on your network. I would suggest enabling log
> on/off auditing on your W2K server. See FAQ about securing your W2K
> erver. --- Steve
>
> http://securityadmin.info/faq.htm#harden
> http://securityadmin.info/faq.htm#firewalls
> http://www.petri.co.il/ad_client_for_win98_nt.htm
> http://www.ntfaq.com/Articles/Index.cfm?ArticleID=15219
>
>
> "Linda" <0203@comcast.net> wrote in message
> news:yp2sa.753$Mj1.186919@news.uswest.net...
> >
> > Thanks Stephen,
> >
> > I am not as concerned about a virus on a client even though I know they
> can
> > be spread throughout the network and cause havoc that way, and I know
that
> a
> > dial-up receives a new IP address each time it connects. There will be
a
> > virus scan product in use on the clients.
> >
> > My concern is more with .. If someone stumbles upon (yeah . a hacker)
the
> > dial-up connection is there an ' open door' to the server? So say one
of
> > the client computers is on the Internet and they forget to close their
> email
> > when done. The connection could last several hours. So say they also
have
> a
> > mapped drive to the server and no firewall. Is the server venerable to
> > attack? Could someone copy, delete or corrupt data?
> >
> > Sorry, I did not mention that NTFS is not a possibility on the client
> > machines as they are Win 98 and are not due to be upgraded at this time.
> > NTFS would make it much more secure.
> >
> >
> > Linda
> >
> > "Steven L Umbach" <n9rou@attbi.com> wrote in message
> > news:4C0sa.684062$L1.198430@sccrnsc02...
> > > Access to the internet is always a concern. Dial up is a bit
> > less,
> > > because of not being the 24/7 high speed link that hackers love. That
> said
> > > the usual precautions are in order. The internet computers should have
a
> > > personal firewalls on them that are configured to control access to
> > inbound
> > > and outbound traffic. All computers need to have virus protection that
> is
> > > kept up to date as far as virus definitions are concerned, with
regular
> > > virus scans scheduled. The virus protection needs to scan inbound and
> > > outbound emails. Emails attachments are probably going to be one of
your
> > > greates risks for virus attacks. Be sure to set up shares to have
> minimum
> > > ntfs permissions needed by the users to do their job. --- Steve
> > >
> > > "Linda" <0203@comcast.net> wrote in message
> > > news:X3Zra.729$Mj1.120444@news.uswest.net...
> > > > I am getting ready to install a Win 2000 server and move the
existing
> > > > workgroup clients to domain clients. Several, 3 of the 6, existing
> > > clients
> > > > have Internet access through their modems to the Internet for email
> and
> > > > surfing. Is this modem access a security concern?
> > > > The clients will have a mapped drive to the server for a shared data
> > > > application.
> > > > The server will not have Internet access at this time.
> > > > I am not sure at this point if the clients will have their drives
> shared
> > > to
> > > > the network although I know that the printers on the clients are
> shared
> > > and
> > > > will be when they are moved to the domain.
> > > > I plan to use only the TCP protocol and remove all others.
> > > > Will the clients dialing-in to the Internet through their ISP create
a
> > > > security hole where someone could access or destroy information on
the
> > > > server?
> > > > Thank you for any information you can supply,
> > > > Linda
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: fred: "deletion of attachments"
- Previous message: Dmitry Korolyov: "Re: Member Server Login Slow DMZ-Internal Subnet"
- In reply to: Steven L Umbach: "Re: Domain security and dial-up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
