
What's New in Windows 2003!

Secure a server by turning off all services.

O'Reilly Net: “There are still many features that the .NET developer should be salivating over. In this article, I will count down the top ten features that you should know about.”

What caught my attention was the #1 reason!

#1. Security: Security has become the daily mantra of Microsoft these days, and this version of the OS proves it. After initial installation, absolutely nothing is turned on. In obvious contrast to previous incarnations of the OS, Windows Server 2003 has almost no surface area to lure hackers. Of course, one of the first things you will find yourself doing is turning on services (e.g., IIS, File Server, Print Services, DNS, etc.). Only what you specifically install will be enabled.

Underlining is mine. I don’t really understand what there is to feel good about in this. Does it mean that Win 2K3 server is very secure in its default configuration - with nothing running? Well, why don’t we just turn off the box, have highest possible security and save some electricity bills?

This is a server we are talking about. Meaning, it ought to be managed by people who know what they are doing.

Sarcasm apart, this should certainly help MS security a little bit. I still can’t digest the fact that it is being touted as a great step in making secure servers. Come on, a server is supposed to serve. Saying that you need to turn off all the services to make it secure somehow implies (to me at least) that the confidence levels in services are low.

On a slightly related note, I’m very skeptical these days about certifications. I used to believe in Oracle certifications. I’ve since then come across certified folks who have a hard time understanding relational constraints.

  1. Company I worked for hired an MCSE who didn't know the first thing about PC troubleshooting to be the Network Admin. Needless to say, this was done without consulting me or the technical director. I think she lasted about two months.

    After she left, I was involved in the recruitment of a replacement and I made sure that the guy who was hired was technically competent, even if he didn't have an MCSE.

    I personally don't have any certifications and I've been an IT professional for nearly 14 years.

    To get my current job I had to solve a couple of problems presented to me involving recursion and database modelling.

    Posted by: Mamading Ceesay on May 5, 2003 07:31 PM