Click here to get back home

Security Hardening
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Security Hardening DD 05-16-2007
---> Re: Security Hardening Paul Bergson [M...05-17-2007
Posted by S. Pidgorny on May 23, 2007, 5:28 am
Please log in for more thread options
 I don't know. I haven't tried hiding resources for reasons I have outlined
in other posts. Clients find the DC using DNS and not browse list (a NetBIOS
legacy) so probably therewill be no impact. However I don't know what
exactly net config server does - I live the experimenting to you.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

>
> We want to hide the DC as well. What is the impact if i run the net config
> server /hidden:yes|no
>


Posted by bogus on May 23, 2007, 8:31 am
Please log in for more thread options
> I don't know. I haven't tried hiding resources for reasons I have
> outlined in other posts. Clients find the DC using DNS and not browse
> list (a NetBIOS legacy) so probably therewill be no impact. However I
> don't know what exactly net config server does - I live the
> experimenting to you.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>>
>> We want to hide the DC as well. What is the impact if i run the net
>> config server /hidden:yes|no
>>
>
>
>

If you manage to hide something successfully from the "bad guys", it will
be hidden from your legitimate users, as well. If your legitimate users
can find something, so can others. If you or your users need access, you
won't be able to keep others from finding it in the same way. Remember
that until they authenticate to a resource your users are also strangers.

You need to make things secure in a different way than simply making them
harder to find.

Posted by S. Pidgorny on May 24, 2007, 6:10 am
Please log in for more thread options
G'day:


> If you manage to hide something successfully from the "bad guys", it will
> be hidden from your legitimate users, as well. If your legitimate users
> can find something, so can others. If you or your users need access, you
> won't be able to keep others from finding it in the same way. Remember
> that until they authenticate to a resource your users are also strangers.
>
> You need to make things secure in a different way than simply making them
> harder to find.

Exactly. Security through obscurity isn't security. Besides, in this case,
there's not much obscurity - intruders use different discovery methods.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *



Posted by DD on May 22, 2007, 5:16 am
Please log in for more thread options
What is the impact if I delete the Autorun.inf from the system ?


The purpose to turn of autorun is to prevent a malicious program from
starting when media is inserted

if the media come with the autorun.inf , where the the program run
automatically ?



"S. Pidgorny <MVP>" wrote:

> 1) http://support.microsoft.com/kb/321710
> 2) http://support.microsoft.com/kb/933008
>
> Note that hiding computer is not an appropriate security measure.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> > Would like to know
> >
> > 1) how to hide the computer from network browse list -
> > Prevent a potential attacker inside the firewall from generating a list of
> > available network resources
> >
> > 2) Disable Autorun- Prevent a malicious program from starting when media
> > is
> > inserted
> >
> > on windows 2003 server and DC
> >
>
>
>

Posted by Special Access on May 22, 2007, 10:32 pm
Please log in for more thread options
wrote:

Most media comes with autorun.inf on it, and you can't delete it from
a CD-ROM. The autorun.inf file normally points to other files on the
CD-ROM, so I would also suggest you turn off the autorun feature on
the system.


>What is the impact if I delete the Autorun.inf from the system ?
>
>
>The purpose to turn of autorun is to prevent a malicious program from
>starting when media is inserted
>
>if the media come with the autorun.inf , where the the program run
>automatically ?
>
>
>
>"S. Pidgorny <MVP>" wrote:
>
>> 1) http://support.microsoft.com/kb/321710
>> 2) http://support.microsoft.com/kb/933008
>>
>> Note that hiding computer is not an appropriate security measure.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> > Would like to know
>> >
>> > 1) how to hide the computer from network browse list -
>> > Prevent a potential attacker inside the firewall from generating a list of
>> > available network resources
>> >
>> > 2) Disable Autorun- Prevent a malicious program from starting when media
>> > is
>> > inserted
>> >
>> > on windows 2003 server and DC
>> >
>>
>>
>>

Similar ThreadsPosted
hisecweb.inf hardening June 5, 2005, 8:57 pm
Server Hardening July 5, 2005, 9:34 am
Lockdown/Hardening Tool March 21, 2006, 3:53 pm
Hardening Windows Registry August 2, 2006, 10:31 pm
Domain Local Security vs Global Security vs Universal Security Groups October 16, 2006, 1:26 pm
Role-based security from Windows Server 2003 Security Guide gives problems November 6, 2006, 8:00 am
Windows Server Baseline Security - IE security warning June 5, 2007, 9:35 am
security in AD June 22, 2005, 5:38 am
VPN Security. July 19, 2005, 9:44 am
Security? July 25, 2005, 8:56 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap