Re: OT: BBC drama spooks Macs galore

Ian Robinson wrote: 
On Sun, 9 Oct 2005 11:04:08 +0100, John Moore wrote
(in article <diaq0k$ue$2@xxxxxxxxxxxxxxxxxxxxxx>):


Just out of interest if your allowed to tell. What kind of changes would C2 security make.


Loads of changes to restrict access etc. Also a lot of components are allegedly not needed so can be removed. I say allegedly as it was removing stuff that made it go pear shaped. Some deep service dependencies [1]. I can't remember the details and the documentation I used is on a backup in work somewhere. A quick Google on "Windows NT4 C2 Security Settings" turns up silly amounts of articles :-)

I hope never to be in a position to be applying C2 to any server ever again. We had to do NT4 Workstations as well. They wouldn't connect to the domain afterwards (luckily we had set up a pilot to test it with some live machines). Oh yeah, domain trusts wouldn't work which was a real pisser that required a separate NT4 domain to be rebuilt. Looking back on it I did learn a lot about the guts of NT4 :-)

Ian

[1] Came across another one recently in Exchange 2003. In a multi-site deployment the WINS service is still required for some components of Exchange 2003 to work properly. So much for that push to get AD integrated DNS to do all the name resolution...

Thanks for your indepth response. Maybe I'm been stupid here but shouldnt components that are not needed be turned off ( or not installed ) in the first place and permissions for access have to be granted instead of been turned off.

Since your knowledge of computers is in a different league to most users is OSX or Windows the best for security. I often get the feeling that Windows could be good but it is so difficult to get it right that most ordinary users just end up using an admin account and leave all doors wide open whereas operating systems like OSX are easier for users to use reasonable settings.
.

Relevant Pages

  • Re: securing my system
    ... Restrict access to Internet Explorer. ... See www.dougknox.com, 'Win XP Utilities, Windows XP Security Console for a utility that will allow you to restrict applications on a per user basis. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: permission setup by Win2000 read by NT
    ... These KB articles may help explain the subtleties of using Windows 2000 to set ACL's ... Be very careful if you choose to install the SCM on NT4. ... "Windows 2000 introduces the inheritance security model that enables a child object to ... > But when we go back to change the permission on an NT server or workstation ...
    (microsoft.public.win2000.security)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • Re: The Myth of the secure Mac
    ... OEM Windows XP Home goes for a bit under $100. ... >> secure than Home. ... Though this really has nothing to do with security. ... Microsoft counts on third-party developers to provide more ...
    (comp.sys.mac.advocacy)