| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Teaches Windows Server 2003 Security With Guides | |
|
||
| Time: 00:00 EST/05:00 GMT | News Source: Internet Week | Posted By: Todd Richardson | ||
|
Microsoft has posted a pair of tutorials to walk IT administrators through the process of securing Windows Server 2003, the new operating system software it launched last Thursday. The how-to "Windows Server 2003 Security Guide," which can be downloaded from the Microsoft Web site in Acrobat format, features sample configurations, security checklists, templates, and scripts for securing eight different types of servers running the new software, including print and file servers, IIS and IAS servers, and domain controllers. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 320 Last | Next |
The time now is
7:27:33 AM
ET.
Any comment problems? E-mail us |
| #1 By 135 (208.50.204.91) at 4/29/2003 1:14:38 AM |
| Good stuff. I'm using the Windows 2000 document and templates as the baseline of for one of our new web apps at work. |
| #2 By 2459 (24.170.151.19) at 4/29/2003 3:32:04 AM |
| A question one may ask however, nom, is that of all the eyes watching Linux source, is the majority harmless/helpful, or do they have malicious intent. ;-) |
| #3 By 7390 (63.211.44.114) at 4/29/2003 5:03:34 AM |
|
Nom, interesting points
Are you saying that Microsoft doesn't have code reviews? How many eyes does it task to review code? What does Bill Gates looking at code have to do with anything? And to honest I don't think that I want him to. Nothing against him I just prefer to let the expert programmers that he has hired do such things. And let him focus on doing on what he has done: run one of the most successful company in the world. |
| #4 By 6253 (12.237.219.240) at 4/29/2003 11:52:46 PM |
|
nom, the problem with open source code reviews is that 80% of all code is inherently boring and 20% is interesting. If you write code, you know that even the code which was challenging and interesting last month is boring this month.
This is why vulnerabilities still get found in things like bind, which "should" have been reviewed by more people than Microsoft has ever employed. Large chunks of bind source code are simply no fun to look at, especially if they do mundane things which rarely need changing. Once in a blue moon, something like Apache gets a lot of code reworked and thus reviewed, but look how successful Apache 2.0 has been; apparently, relatively few people are ready to trust the freshly reviewed 2.0. In reality, it's probably more secure than stagnant sections of 1.3 code. In commercial development, there are people whose jobs include being responsible for any given piece of boring code (hopefully some interesting code as well). You might still have an underqualified, lazy employee here or there, but that's why you have group reviews. I don't have anything against open source except for its hype. Open source is good in many ways, but it's not fundamentally more secure than closed source. The only security advantage open source has is distribution. Today, Microsoft has localized versions of Windows 2000 being manufactured, warehoused, and distributed worldwide through Retail, Select, Open, Academic, ISV, and MSDN channels. There are people who deal with shipments, returns, and other logistics, using different currencies, TTY numbers for the deaf, etc. Most Windows 2000 SKUs will be available for 5+ years, even though Windows Server 2003 is shipping. Because many customers insist on managing their own change control, every Windows 2000 CD-ROM produced today contains Build 2195, the same one which was GA in February 2000. Most SKUs include SP3 on an accompanying CD-ROM, and OEMs like Dell can ship slipstream media where SP3 and/or hotfixes are integrated, but Windows 2000 "seems" less secure only because you have to apply 3+ years worth of updates to the code as it is distributed. With typical open source, somebody slaps the latest German or English or Russian version on an ftp site, begs for mirrors, promises to think about localization, and maybe contracts for a limited number of CD-ROMs to be pressed and shipped in their home country. A vulnerability is found? Post the updated version and "archive" the vulnerable version, which discourages it from being downloaded and also hides the vulnerability history from public view. Want to order a brand new CD-ROM of Red Hat 6.1 (which was shipping when Windows 2000 launched)? Sorry, Red Hat neither supports it nor sells it anymore. You're going to have to settle for a CD-R burned by a packrat you find in a newsgroup, but even he isn't sure that it's a good copy of 6.1. Hey, what fool would check it by loading 6.1 today? If you had to patch every vulnerability in the 6.1 distro (not just the kernel but packages like Netscape 4.61), you could spend days patching. Intelligent Windows admins use tools like RIS, GPO, SUS, etc. to simplify the task of setting up new machines with the latest updates, but with tens of millions of Windows "admins" in the world, the laws of statistics guarantees that millions of them are barely competent enough to run d:\setup. Once the open source world accumulates enough of these folks, it will become much clearer that open source is not inherently more secure. |
| #5 By 931 (67.35.52.222) at 5/1/2003 3:08:43 AM |
|
These kinda guides have existed for some time for win2k and even as far back and winnt4.
The problem was they were typically EXTREMELY hard to come across.. and the good stuff was buried in little pieces of multiple documents and "architecture" papers.. It's cool that they have cobbled them all into one set.. it should help the less persistent admins out there. btw some most of this kinda of data was buried in the microsoft data center systems architecture documents..and associated addendums though I dont know many people that read the 1000's of pages of that document... filled 3 3" binders..lol |
|
Write Comment
Return to News |
Displaying 1 through 25 of 320 Last | Next |
The time now is
7:27:34 AM
ET.
Any comment problems? E-mail us |
