securely setting up a web server on my home network

 
 
DeMoN LaG
 
      01-14-2004
Duane Arnold <> wrote in
news:Xns946FB81D13468darnold92insightbbco@204.127.204.17:

> Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
> configured properly or one does something on their behalf to cause the
> exploit. Once malware hits the machine using a Linux or MS O/S and is
> able to execute, it's over.


This is entirely true, but MS makes it far too easy to exploit. Everyone in
XP home by default is an administrator.

Also, consider that Linux has security patches probably daily if you count
everything done to the open source stuff. MS probably has just as many bug
fixes a day, except the source isn't open and we don't see the changes they
are making.

Finally, to configure linux to not do dumb things and look ready to
exploit, you simply install it. To do the same on Windows requires
installing it, installing a dozen security patches, changing a few options
here and there, installing a decent firewall application, and possibly
more.

--
AIM: FrznFoodClerk
email: de_on-lag@co_cast.net (_ = m)
website: under construction
Need a technician in the south Jersey area?
email/IM for rates/services
 

Duane Arnold
 
      01-14-2004
Calvin Crumrine <> wrote in
news::

> Duane Arnold wrote:
>> DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
>>
>>
>>>Duane Arnold <> wrote in
>>>news:Xns946EC43AA49A3notmwnotmecom@204.127.204.17:
>>>
>>>
>>>>Both can be made equally as secure as the other as I understand it.
>>>>I have been using MS for many years so that's where I lean towards.
>>>>As for Linux, look into the RedHat 9 O/S series and Apache
>>>>Webserver.
>>>
>>>I don't know if I entirely agree with this statement. Linux + Apache
>>>is harder to exploit than Windows + IIS (or Windows + Apache, for
>>>that matter). Most linux security holes let someone crash the
>>>running process, while most recent windows holes give complete
>>>Administrator level privileges to the hacker.
>>>

>>
>>
>> I have read some articles where hackers were able to hack right to
>> the Kernel of the Linux O/S. I don't know if one can hack to the
>> protected O/S of an NT based O/S. Yes, there have been recent
>> exploits on the MS O/S. But I think that most who were exploited
>> didn't apply the security updates to the O/S that would have dealt
>> with them. Or the machine was sitting out on the Internet with a root
>> based account in use on the machine at the time of the exploit, so
>> that a compromise of the machine could take place based on the
>> security context of an account that had Admin priv(s), being used by
>> the hacker.
>>
>> Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if
>> not configured properly or one does something on their behalf to
>> cause the exploit. Once malware hits the machine using a Linux or MS
>> O/S and is able to execute, it's over.
>>
>> Duane

> I think you're right about people who were hacked didn't apply the
> proper security updates-but I have two issues with that.
>
> First, it's a full-time job figuring out which of the many, many,
> Windows updates are needed. The *only* way of minimizing that job is
> to apply all of them-and that leads to my second issue:
>
> Second, it's a more than full-time job to test updates before you
> apply them. Historically Microsoft has issued updates that on far too
> many occasions have done more harm than good-so I don't blame *anyone*
> for being slow to apply updates.


I look for three words *Critical Security Update*. If it has those words,
it will be applied to the machines at all times. And in general, I apply
all recommended fixes or upgrades etc. etc. I don't want to be caught like
Tech Support on the job the next day after, as they raced around corporate
applying all things they had ignored up to that point when the RPC exploit
hit.

As for the security of the Webserver, I would suggest using IIS on the
Server Edition of Win2K, because IIS on the Server Edition has security
features that are not available on the Workstation edition. On the
Directory Tab, IP Security is not applicable on the Workstation version.
But you can cover that on the workstation version and supplement the Server
version using IPsec.

something simple

http://www.petri.co.il/ipsec_block_ping.htm

The nuts and bolts on the howto(s)

http://lists.gpick.com/pages/IP_Security_(IPSec).htm

I would suggest going to the library and see if they have two books that
can be checked out or purchase them.

1) Windows 2000 Server Resource Kit Book Chapter 18 Implementing
TCP/IP Security in the Win2k SRKB along with other chapters as needed.

2) Win Security Resource Kit Book Chapter 21 Implementing Security for MS
IIS 5.0 and it also talks about *Best Practices* for IIS security. It also
provides additional information and article links such as below. And read
other chapters as needed.

http://support.microsoft.com/default...b;en-us;315669

These I have found and used the suggestions.

http://www.itso.iu.edu/howto/iis/#best

http://www.lokbox.net/SecureXP/

Hell, since the core components of the NT based PRO and Server are just
about the same, a lot in the link can be applied to both versions of the
O/S(s). However, not everything such as TCP/IP Security is being covered as
opposed to the books.

http://www.uksecurityonline.com/husdg/w2kp2.php

Security Topologies you can implement.

http://www.dslreports.com/forum/rema...ty,1~mode=flat

Most likely, that NAT router with BS firewall (I got one too) meets the
specs below.

http://www.homenethelp.com/web/explain/about-NAT.asp

WatchGuard, Cisco, etc FW appliances meet the spec below

http://www.firewall-software.com/fir...rewall_do.html

www.cdw.com has a nice price on WatchGuard Firebox III SOHO 6. Hopefully,
I'll get one soon to continue my education.

I do use BlackIce on all my machines. Why, because that damn IDS works and
you cannot account for **** coming down Port 80 to IIS for valid network
traffic between machines. BI protects the services on the machine, it has
good logging and it has that Application Control and will stop a *Drive
By*.

Since you made me feel bad about my initial response to your post, this is
something I just found out about this past weekend. I watched it go into
action on a Website. <g>

http://mvps.org/winhelp2002/hosts.htm
http://accs-net.com/hosts/HostsToggle/

Later!

Duane


 

Calvin Crumrine
 
      01-14-2004
Duane Arnold wrote:
> Calvin Crumrine <> wrote in
> news::
>
>
>>Duane Arnold wrote:
>>
>>>DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
>>>
>>>
>>>
>>>>Duane Arnold <> wrote in
>>>>news:Xns946EC43AA49A3notmwnotmecom@204.127.204.17:
>>>>
>>>>
>>>>
>>>>>Both can be made equally as secure as the other as I understand it.
>>>>>I have been using MS for many years so that's where I lean towards.
>>>>>As for Linux, look into the RedHat 9 O/S series and Apache
>>>>>Webserver.
>>>>
>>>>I don't know if I entirely agree with this statement. Linux + Apache
>>>>is harder to exploit than Windows + IIS (or Windows + Apache, for
>>>>that matter). Most linux security holes let someone crash the
>>>>running process, while most recent windows holes give complete
>>>>Administrator level privileges to the hacker.
>>>>
>>>
>>>
>>>I have read some articles where hackers were able to hack right to
>>>the Kernel of the Linux O/S. I don't know if one can hack to the
>>>protected O/S of an NT based O/S. Yes, there have been recent
>>>exploits on the MS O/S. But I think that most who were exploited
>>>didn't apply the security updates to the O/S that would have dealt
>>>with them. Or the machine was sitting out on the Internet with a root
>>>based account in use on the machine at the time of the exploit, so
>>>that a compromise of the machine could take place based on the
>>>security context of an account that had Admin priv(s), being used by
>>>the hacker.
>>>
>>>Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if
>>>not configured properly or one does something on their behalf to
>>>cause the exploit. Once malware hits the machine using a Linux or MS
>>>O/S and is able to execute, it's over.
>>>
>>>Duane

>>
>>I think you're right about people who were hacked didn't apply the
>>proper security updates-but I have two issues with that.
>>
>>First, it's a full-time job figuring out which of the many, many,
>>Windows updates are needed. The *only* way of minimizing that job is
>>to apply all of them-and that leads to my second issue:
>>
>>Second, it's a more than full-time job to test updates before you
>>apply them. Historically Microsoft has issued updates that on far too
>>many occasions have done more harm than good-so I don't blame *anyone*
>>for being slow to apply updates.

>
>
> I look for three words *Critical Security Update*. If it has those words,
> it will be applied to the machines at all times. And in general, I apply
> all recommended fixes or upgrades etc. etc. I don't want to be caught like
> Tech Support on the job the next day after, as they raced around corporate
> applying all things they had ignored up to that point when the RPC exploit
> hit.
>
> As for the security of the Webserver, I would suggest using IIS on the
> Server Edition of Win2K, because IIS on the Server Edition has security
> features that are not available on the Workstation edition. On the
> Directory Tab, IP Security is not applicable on the Workstation version.
> But you can cover that on the workstation version and supplement the Server
> version using IPsec.
>
> something simple
>
> http://www.petri.co.il/ipsec_block_ping.htm
>
> The nuts and bolts on the howto(s)
>
> http://lists.gpick.com/pages/IP_Security_(IPSec).htm
>
> I would suggest going to the library and see if they have two books that
> can be checked out or purchase them.
>
> 1) Windows 2000 Server Resource Kit Book Chapter 18 Implementing
> TCP/IP Security in the Win2k SRKB along with other chapters as needed.
>
> 2) Win Security Resource Kit Book Chapter 21 Implementing Security for MS
> IIS 5.0 and it also talks about *Best Practices* for IIS security. It also
> provides additional information and article links such as below. And read
> other chapters as needed.
>
> http://support.microsoft.com/default...b;en-us;315669
>
> These I have found and used the suggestions.
>
> http://www.itso.iu.edu/howto/iis/#best
>
> http://www.lokbox.net/SecureXP/
>
> Hell, since the core components of the NT based PRO and Server are just
> about the same, a lot in the link can be applied to both versions of the
> O/S(s). However, not everything such as TCP/IP Security is being covered as
> opposed to the books.
>
> http://www.uksecurityonline.com/husdg/w2kp2.php
>
> Security Topologies you can implement.
>
> http://www.dslreports.com/forum/rema...ty,1~mode=flat
>
> Most likely, that NAT router with BS firewall (I got one too) meets the
> specs below.
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
>
> WatchGuard, Cisco, etc FW appliances meet the spec below
>
> http://www.firewall-software.com/fir...rewall_do.html
>
> www.cdw.com has a nice price on WatchGuard Firebox III SOHO 6. Hopefully,
> I'll get one soon to continue my education.
>
> I do use BlackIce on all my machines. Why, because that damn IDS works and
> you cannot account for **** coming down Port 80 to IIS for valid network
> traffic between machines. BI protects the services on the machine, it has
> good logging and it has that Application Control and will stop a *Drive
> By*.
>
> Since you made me feel bad about my initial response to your post, this is
> something I just found out about this past weekend. I watched it go into
> action on a Website. <g>
>
> http://mvps.org/winhelp2002/hosts.htm
> http://accs-net.com/hosts/HostsToggle/
>
> Later!
>
> Duane
>
>

That HostsToggle is cool-I used the hosts file several years ago to
block ads but eventually abandoned it because of the problems that
HostsToggle solves. I don't understand your statement about it going
into action on a Website though-unless you're talking about using it on
your machine & watching it work when you visited a Website. I guess that
makes sense.

Thanks for all the links-looks like I'll spend the next couple of weeks
doing a lot of reading.

 

Duane Arnold
 
      01-14-2004
Calvin Crumrine <> wrote in news:100asm8gd4g1j45
@corp.supernews.com:

> I don't understand your statement about it going
> into action on a Website though-unless you're talking about using it on
> your machine & watching it work when you visited a Website. I guess that
> makes sense.
>


Yes, that's what I mean. Someone in another NG had mentioned that a site
mvp.org was a *drive by* site. So I tested HOST on the site. IE stopped the
download and BlackIce would have done that too. But when I tried to leave
the site, the NT login screen popped-up for a login because of 127.0.0.1
being applied to a DNS in the HOST file.

Good luck to you on your mission.

Duane
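
The hosts-file blocking discussed in the post above, as an added example that is not part of the thread: a Python sketch that parses a hosts file and separates names sinkholed to the local machine (127.0.0.1 or 0.0.0.0) from names remapped to some other address. The sample file, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the usual hosts-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net   # blocked
0.0.0.0     popups.example.org
::1         localhost
192.0.2.10  intranet.example.com
203.0.113.5 www.bank.example     # unexpected remap
not-an-ip   broken.example
"""

# Names that are expected to point at the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping in a hosts file.

    Comments, blank lines and lines whose first field is not a valid
    IPv4/IPv6 address are skipped. One line may carry several hostnames.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower(), lineno


def classify(text):
    """Group hosts-file entries by what a lookup of the name will return."""
    result = {"local": [], "sinkholed": [], "remapped": []}
    for ip, name, _lineno in parse_hosts(text):
        if name in LOCAL_NAMES and ip.is_loopback:
            # Normal localhost entry.
            result["local"].append(name)
        elif ip.is_loopback or ip.is_unspecified:
            # Blocked name: requests go to the local machine or nowhere.
            result["sinkholed"].append(name)
        else:
            # The hosts file overrides DNS for this name: review it.
            result["remapped"].append((name, str(ip)))
    return result


if __name__ == "__main__":
    report = classify(SAMPLE_HOSTS)
    for kind, entries in report.items():
        print(kind, entries)
```

A name sinkholed to 127.0.0.1 is answered by whatever is listening on the local machine, so a local web server will receive the browser's request for the blocked site. Entries in the remapped group deserve a look because the hosts file takes precedence over DNS.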
 

Duane Arnold
 
      01-14-2004
DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:

> To do the same on Windows requires
> installing it, installing a dozen security patches, changing a few
> options here and there, installing a decent firewall application, and
> possibly more.
>


The way I look at that. It's an opportunity to make money as more and more
households and small businesses doing networking need to have things
configured properly and most of them are coming to MS not Linux.

Duane
 

Calvin Crumrine
 
      01-15-2004
Duane Arnold wrote:

> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
>
>
>>To do the same on Windows requires
>>installing it, installing a dozen security patches, changing a few
>>options here and there, installing a decent firewall application, and
>>possibly more.
>>

>
>
> The way I look at that. It's an opportunity to make money as more and more
> households and small businesses doing networking need to have things
> configured properly and most of them are coming to MS not Linux.
>
> Duane


Which is a *real* strong argument for putting Microsoft out of business.
Sure, making crappy cars is good for mechanics-but it's not so good for
the US, now is it?

 

Duane Arnold
 
      01-15-2004
Calvin Crumrine <> wrote in
news::

> Duane Arnold wrote:
>
>> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
>>
>>
>>>To do the same on Windows requires
>>>installing it, installing a dozen security patches, changing a few
>>>options here and there, installing a decent firewall application, and
>>>possibly more.
>>>

>>
>>
>> The way I look at that. It's an opportunity to make money as more and
>> more households and small businesses doing networking need to have
>> things configured properly and most of them are coming to MS not
>> Linux.
>>
>> Duane

>
> Which is a *real* strong argument for putting Microsoft out of
> business. Sure, making crappy cars is good for mechanics-but it's not
> so good for the US, now is it?
>
>


Now do you really think that's going to happen? People working for MS or
any business for that matter have mouths to feed, cars, and homes to make
payments and kids to put through college. Do you really think that they
are going to let something like Linux just take over the market? You can
bet that MS will stop anything that becomes a threat, by any means
necessary. Yeah, Linux may be good, but on the other hand, Linux has not
put one dime in my pockets. And that's all that counts as far as I am
concerned. Yeah, Linux will get its little share of the market and share
it with the others who are sharing that same little share.

Do you think MS is going to let happen to it like what happened to IBM? I
would not count on that if I were you.
 

Calvin Crumrine
 
      01-15-2004
Duane Arnold wrote:
> Calvin Crumrine <> wrote in
> news::
>
>
>>Duane Arnold wrote:
>>
>>
>>>DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
>>>
>>>
>>>
>>>>To do the same on Windows requires
>>>>installing it, installing a dozen security patches, changing a few
>>>>options here and there, installing a decent firewall application, and
>>>>possibly more.
>>>>
>>>
>>>
>>>The way I look at that. It's an opportunity to make money as more and
>>>more households and small businesses doing networking need to have
>>>things configured properly and most of them are coming to MS not
>>>Linux.
>>>
>>>Duane

>>
>>Which is a *real* strong argument for putting Microsoft out of
>>business. Sure, making crappy cars is good for mechanics-but it's not
>>so good for the US, now is it?
>>
>>

>
>
> Now do you really think that's going to happen? People working for MS or
> any business for that matter have mouths to feed, cars, and homes to make
> payments and kids to put through college. Do you really think that they
> are going to let something like Linux just take over the market? You can
> bet that MS will stop anything that becomes a threat, by any means
> necessary. Yeah, Linux may be good, but on the other hand, Linux has not
> put one dime in my pockets. And that's all that counts as far as I am
> concerned. Yeah, Linux will get its little share of the market and share
> it with the others who are sharing that same little share.
>
> Do you think MS is going to let happen to it like what happened to IBM? I
> would not count on that if I were you.

Do you think that IBM would have let it happen if it could have
prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes. I
don't see any sign of it so far. It seems far more likely to me that
Microsoft is arrogant enough to believe that it *can't* happen to them
because they don't make that kind of mistake. And if that's what they
believe, as their corporate culture, then eventually it *will* happen to
them & all those people with mouths to feed, etc. will be running around
asking "What happened?"

It's happened before-often. Those who won't learn from history are
condemned to repeat it.

 

Night_Seer
 
      01-15-2004
Calvin Crumrine wrote:
> Duane Arnold wrote:
>> Calvin Crumrine <> wrote in
>> news::
>>
>>
>>> Duane Arnold wrote:
>>>
>>>
>>>> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
>>>>
>>>>
>>>>
>>>>> To do the same on Windows requires
>>>>> installing it, installing a dozen security patches, changing a few
>>>>> options here and there, installing a decent firewall application,
>>>>> and possibly more.
>>>>>
>>>>
>>>>
>>>> The way I look at that. It's an opportunity to make money as more
>>>> and more households and small businesses doing networking need to
>>>> have things configured properly and most of them are coming to MS
>>>> not Linux.
>>>>
>>>> Duane
>>>
>>> Which is a *real* strong argument for putting Microsoft out of
>>> business. Sure, making crappy cars is good for mechanics-but it's
>>> not so good for the US, now is it?
>>>
>>>

>>
>>
>> Now do you really think that's going to happen? People working for
>> MS or any business for that matter have mouths to feed, cars, and
>> homes to make payments and kids to put through college. Do you
>> really think that they are going to let something like Linux just
>> take over the market? You can bet that MS will stop anything that
>> becomes a threat, by any means necessary. Yeah, Linux may be good,
>> but on the other hand, Linux has not put one dime in my pockets. And
>> that's all that counts as far as I am concerned. Yeah, Linux will
>> get its little share of the market and share it with the others who
>> are sharing that same little share.
>>
>> Do you think MS is going to let happen to it like what happened to
>> IBM? I would not count on that if I were you.

> Do you think that IBM would have let it happen if it could have
> prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes.
> I don't see any sign of it so far. It seems far more likely to me that
> Microsoft is arrogant enough to believe that it *can't* happen to them
> because they don't make that kind of mistake. And if that's what they
> believe, as their corporate culture, then eventually it *will* happen
> to them & all those people with mouths to feed, etc. will be running
> around asking "What happened?"
>
> It's happened before-often. Those who won't learn from history are
> condemned to repeat it.


IBM is doing pretty good these days...they have a hand in all three next
gen consoles, plus AMD. I think the only way to really learn from your
mistakes is to make them first sometimes.

--
Night_Seer


 

Andrew Watiker
 
      01-16-2004
You might make your server more secure if you put it on a different port
than 80. For a home network webserver that should be fine. I do okay with
an Apache server on port 81.

"Night_Seer" <ecamacho4 at hotmail dot com> wrote in message
news:8uqdnXoUMPYqfJvdRVn-...
> Calvin Crumrine wrote:
> > Duane Arnold wrote:
> >> Calvin Crumrine <> wrote in
> >> news::
> >>
> >>
> >>> Duane Arnold wrote:
> >>>
> >>>
> >>>> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
> >>>>
> >>>>
> >>>>
> >>>>> To do the same on Windows requires
> >>>>> installing it, installing a dozen security patches, changing a few
> >>>>> options here and there, installing a decent firewall application,
> >>>>> and possibly more.
> >>>>>
> >>>>
> >>>>
> >>>> The way I look at that. It's an opportunity to make money as more
> >>>> and more households and small businesses doing networking need to
> >>>> have things configured properly and most of them are coming to MS
> >>>> not Linux.
> >>>>
> >>>> Duane
> >>>
> >>> Which is a *real* strong argument for putting Microsoft out of
> >>> business. Sure, making crappy cars is good for mechanics-but it's
> >>> not so good for the US, now is it?
> >>>
> >>>
> >>
> >>
> >> Now do you really think that's going to happen? People working for
> >> MS or any business for that matter have mouths to feed, cars, and
> >> homes to make payments and kids to put through college. Do you
> >> really think that they are going to let something like Linux just
> >> take over the market? You can bet that MS will stop anything that
> >> becomes a threat, by any means necessary. Yeah, Linux may be good,
> >> but on the other hand, Linux has not put one dime in my pockets. And
> >> that's all that counts as far as I am concerned. Yeah, Linux will
> >> get its little share of the market and share it with the others who
> >> are sharing that same little share.
> >>
> >> Do you think MS is going to let happen to it like what happened to
> >> IBM? I would not count on that if I were you.

> > Do you think that IBM would have let it happen if it could have
> > prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes.
> > I don't see any sign of it so far. It seems far more likely to me that
> > Microsoft is arrogant enough to believe that it *can't* happen to them
> > because they don't make that kind of mistake. And if that's what they
> > believe, as their corporate culture, then eventually it *will* happen
> > to them & all those people with mouths to feed, etc. will be running
> > around asking "What happened?"
> >
> > It's happened before-often. Those who won't learn from history are
> > condemned to repeat it.

>
> IBM is doing pretty good these days...they have a hand in all three next
> gen consoles, plus AMD. I think the only way to really learn from your
> mistakes is to make them first sometimes.
>
> --
> Night_Seer
>
>



 