Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

procedures for Securing NT?

  • 31-05-2000 1:59pm
    #1
    Closed Accounts Posts: 60 ✭✭


    Being from a mainly Unix background I would be interested in hearing how any of you NT heads (if there are any here) go about securing your boxes, and once you have got them to a satisfactorily secured level what steps do you take to make sure they stay that way.


Comments

  • Registered Users, Registered Users 2 Posts: 785 ✭✭✭zenith


    http://www.microsoft.com/technet/security/iischk.asp is a very good place to start, and then you keep an eye on CERT, NTBugtraq and MS's own mailing lists.

    As long as you keep on patching, it'll stay secure for ya. All politics aside, it's not a bad bit of kit.


  • Closed Accounts Posts: 60 ✭✭anonym00se


    I already have a procedure setup, I was more wondering what extra things people did, rather than being show yet another text on the matter, or do you all just go pull the first document you find on securing NT off the web and use that as your procedure???

    On a side note just because you patch something does not mean it is fixed, take a look at the problems l0pht had with antisniff


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by anonym00se:
    I already have a procedure setup, I was more wondering what extra things people did, rather than being show yet another text on the matter, or do you all just go pull the first document you find on securing NT off the web and use that as your procedure???

    Go on then, show us your procedure before you flame someone elses attempt to help.

    It may not be good advice, but it is free. Larting it and expecting a better response is pretty optimistic (IMHO).


  • Registered Users, Registered Users 2 Posts: 11,446 ✭✭✭✭amp


    Secure NT: a pc locked in a safe, disconnected from the network.

    Lunacy Abounds! Play GLminesweeper!


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Originally posted by X_OR:
    Go on then, show us your procedure before you flame someone elses attempt to help.

    It may not be good advice, but it is free. Larting it and expecting a better response is pretty optimistic (IMHO).

    Well it wasn't intended to come across that way, but unfortunately using the internet to talk to people does make it hard to put across the right tone in a post, bar using smilies which are well not that great either ;). Also phrasing it poorly didnt help either.

    After reading your post asking my to say what I do, I realised it is asking alot, as basically anything I do for my company cant be disclosed, so I can only assume it is the same for the rest of you.

    So I guess people can either not bother replying to this thread, or continue posting the urls - I may actually find some of them useful :)



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 785 ✭✭✭zenith


    Yawn.

    Well, being from a Unix background, you already know all there is to know about puters. Sorry if my response was basic.

    We watch, read, patch and test. That's what you do to keep any box secure. We also, as NT admins, spend eight hours a day playing solitare, because there's hardly anything else to do.




  • Closed Accounts Posts: 60 ✭✭Fing


    Check out this document on builging a Bastion host under NT: http://people.hp.se/stnor/hpntbast13.pdf

    Fing


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Originally posted by zenith:
    We watch, read, patch and test. That's what you do to keep any box secure.

    Yes but getting it secure in the first place is alot harder. Even though it is necissary, any one can install a patch, it is only part of keeping a box secure. But then I think we all know this, so this thread is really going no where other than maybe a flame war.


    [This message has been edited by anonym00se (edited 01-06-2000).]


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Your looking for more a process wise? rather then how to secure it?

    While I can't post the details, my machines get hacked into (attempted anyway) at least once a week by some guy who actually gets paid to do it.

    If he manages to break in I am supposed to report it (giving full audits and user info with request to investigate). I'm not told when he does it, or where from.

    If I don't report it after a certain time. I get a nice email telling me to have the machine fixed by a certain time (machine has to be taken off the network until it is). Depending on the machine can mean if your fired or not if you ignore the mail.

    Anyway what level of security we talking about? Physical security? or software or hardware?


  • Closed Accounts Posts: 60 ✭✭anonym00se


    I'm more interested in securing it from an OS POV. But everything helps.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 785 ✭✭✭zenith


    The original question was hopelessly non-specific, and that's where the fault lies.

    I'm not interested in a flame war either, as it happens.

    Hope the suggestions I made are of some use to someone. Hacking Exposed http://www.amazon.co.uk/exec/obidos/ASIN/0072121270/hackwatchnews/026-4640370-7195655 is worth a read on the topic.

    [This message has been edited by zenith (edited 01-06-2000).]


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Yup tis a very good book, lots of info to be got from it. Well worth the buy.

    [Yup I know it was realy badly worded, but bit late for that.]


Advertisement