List:       ntsecurity
Subject:    Re: [NTSEC] NT4.0's built in tcp/udp/ip filtering
From:       Jim Ainley <jainley () slip ! net>
Date:       1997-11-26 1:23:03

I was told the following...

Turn off all the services you don't need - messaging service, etc.

FILE SHARING is supposed to be a big security hole, so turn it off
when you don't need to use it.

Use a difficult password for the Administrator account:
1) No word that could be in ANY dictionary (English, Chinese, French, Slang, etc)
2) Use characters that have to be entered by hitting the <SHIFT> key.

Suggestion:
Take a lyric from a song, story, or even a commercial, make an acronym from it,
then tweak it a bit. Example:

Jingle:          I wish I were an oscar mayer wiener
Acronym:    IwIwaomw
Tweaked:    !w|wa0MW     <--- 3rd char is a PIPE symbol & 6th char is a ZERO

Looks jumbled, the acronym isn't in ANY dictionary, and the password will be
next to impossible to run thru any number of dictionaries.

Now, you don't need to make it as difficult as this, but it's easy to see that
remembering new passwords doesn't have to be that hard.

Excuse me if I'm a little pushy about passwords, I've been a locksmith (years
gone by) and it makes me shake my head when someone calls up and orders
high-security locks (unpickable/unbreakable) for their front door, go to
install it, and find out they have either a hollow door or a window right next
to the door.  Go figure...

    Jim...





Lewman, Andrew wrote:

>  If I deny all but TCP port
> 80 to the outside nic, is this as secure as configuring a Cisco to only
> allow eq 80 to the webserver?  I don't do routing or IP forwarding
> between the nics.
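
The acronym scheme and the two password rules from the message above, as an added Python example that is not part of the original post. The small word list, the US-keyboard set of shifted characters and the look-alike substitution table are assumptions made for illustration; undoing substitutions before the dictionary lookup goes slightly beyond what the message states.

```python
import string

# Characters that need <SHIFT> to type (assumption: US keyboard layout).
SHIFTED = set(string.ascii_uppercase) | set('~!@#$%^&*()_+{}|:"<>?')

# Constructed stand-in for a real multi-language word list.
SAMPLE_WORDS = {"password", "wiener", "oscar", "mayer", "admin", "secret"}

# Look-alike substitutions undone before the dictionary lookup (assumption),
# so a dictionary word with a few swapped characters is still caught.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "!": "i", "|": "i", "@": "a", "$": "s"})


def acronym(phrase):
    """First letter of each word in the phrase, case preserved."""
    return "".join(word[0] for word in phrase.split())


def check_password(candidate, words=SAMPLE_WORDS):
    """Return the list of rule violations; an empty list means both rules pass."""
    problems = []
    # Rule 1: no dictionary word, even after undoing simple substitutions.
    normalised = candidate.lower().translate(UNLEET)
    hits = sorted(w for w in words if len(w) >= 4 and w in normalised)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    # Rule 2: at least one character that has to be typed with <SHIFT>.
    if not any(ch in SHIFTED for ch in candidate):
        problems.append("no character that requires <SHIFT>")
    return problems


if __name__ == "__main__":
    jingle = "I wish I were an oscar mayer wiener"
    print(acronym(jingle))
    for pw in ("!w|wa0MW", "P@ssw0rd", "iwiwaomw"):
        print(pw, check_password(pw) or "passes both rules")
```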
