From: toddtowles at brookshires.com (Todd Towles)
Subject: Windows is EASY and SECURE

Dan wrote:

>  The rest of the 
> protection for those systems was based on proper network 
> segmentation, a solid understanding of the threats, turning 
> off unneeded services, hardening Web apps (see Writing Secure 
> Code, 2nd edition, by Howard and LeBlanc [Redmond, WA: 
> Microsoft Press, 2003]), and properly protecting Web servers 
> and the computer running SQL Server. Of course, this was a 
> specialized system with very limited functionality, but it 
> still shows that less is often more.
> 
> Proper understanding of the threats and realistic mitigation 
> of those threats through a solid network architecture is much 
> more important than most of the security tweaks we turn on in 
> the name of security.
> <snip>
> 

I have to agree with Microsoft on the above section, as I believe most
network professionals also would. Understanding of threats and good
network architecture (network segmentation, DMZs, etc.) is needed to
secure any server, not just Windows boxes. You need to protect Microsoft
boxes; they are very chatty and like to talk to other Windows boxes.

But they are saying in the last part that the network changes are more
important than the tweaks. =)

<New Microsoft Myth>
"Myth 4 - Windows can't protect itself"
To protect your servers you need a good network and threat vector
understanding. Tweaking registry keys is just one step in a huge
security puzzle. 
</New Microsoft Myth>

-Todd
