http://www.jsiinc.com/TIP0000/rh0096.htm
This tells you how to disable admin. shares. I don't recall if it
actually works though.
-Jason
On Fri, 11 Jun 1999, Brian Steele wrote:
> Date: Fri, 11 Jun 1999 20:06:04 -0400
> From: Brian Steele <[EMAIL PROTECTED]>
> To: Jean Morissette <[EMAIL PROTECTED]>,
> "Paul D. Robertson" <[EMAIL PROTECTED]>,
> Don Kelloway <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Why not NT?
>
> I think there's a reg-hack for it, but I can't remember what it is. Check
> one of the NT newsgroups.
>
> Brian Steele
>
> -----Original Message-----
> From: Jean Morissette <[EMAIL PROTECTED]>
> To: Paul D. Robertson <[EMAIL PROTECTED]>; Don Kelloway
> <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Friday, 11 June, 1999 3:12 PM
> Subject: RE: Why not NT?
>
>
> >Well, since we have the attention of all NT'ers now I have a quick
> question:
> >
> >Is there a better way to delete the unwanted shares like c$, d$, admin$
> >etc... than running a DOS batch file every time an admin logs in?
> >
> >Thanks
> >Jean Morissette
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson
> >> Sent: Thursday, June 03, 1999 8:08 AM
> >> To: Don Kelloway
> >> Cc: [EMAIL PROTECTED]
> >> Subject: Re: Why not NT?
> >>
> >>
> >> On Wed, 2 Jun 1999, Don Kelloway wrote:
> >>
> >> > But IMO, I think people are either forgetting or overlooking
> >> the fact that
> >> > the Windows NT4 op/sys can be made "C2" and "E3/F-C2" secure
> >> and that the
> >>
> >> 1. C2 doesn't mean much at all, executive summary is "Have to log on to
> >> access the system and it logs that fact." Discretionary access control
> >> isn't exactly rocket-science.
> >>
> >> Right from the evaluation report itself:
> >>
> >> The TOE implements all of the security enforcing features of
> >> Functionality
> >> Class F-C2 defined in Scheme Information Notice (SIN) No. 053
> >> [k] which is
> >> based on TCSEC [j] Class C2 requirements. These features are:
> >>
> >> a. mandatory identification and authentication of all users;
> >>
> >> b. Discretionary Access Control (DAC);
> >>
> >> c. accountability and auditing; and
> >>
> >> d. object reuse.
> >>
> >> 2. Trusted Solaris has E3/F-B1, does that make it a better firewall
> >> platform?
> >>
> >> 3. The NT 3.51 evaluation was used as a basis for the ITSEC
> >> certification.
> >> According to the ISEC report, the new SEFs evaluated provide:
> >>
> >> a. simplified user administration by supporting the
> >> configuration of an
> >> initial user profile (covering facilities available to the user)
> >> established the first time a user logs onto the TOE; and
> >>
> >> b. simplified system administration by providing a 'system policy'
> >> that can be used to configure a number of machines.
> >>
> >> Big firewalling properties there! To be fair, they did peek at a few
> >> lines of code including some that were previously evaluated.
> >>
> >> [off-topic aside follows]
> >>
> >> Dredging up the 3.51 report shows an interesting requirement
> >>
> >> p. Each domain and computer within a domain shall be assigned a unique
> >> name.
> >>
> >> [end of off-topic aside]
> >>
> >> The 3.51 evaluation also states the system is supposed to protect against
> >> access by untrusted Workstations or Domain Controllers, but we've
> >> historicly had Linux boxes with SAMBA take over and refuse to relinquish
> >> the PDC role accidently in the past and 3.51 had the whole LM hash
> >> problem.
> >>
> >> > "E3/F-C2" is widely acknowledged to be the highest ITSEC
> >> evaluation rating
> >> > that can be achieved by a general-purpose operating system and "C2" is
> >>
> >> Define "general-purpose operating system" and describe how DG/UX at
> >> _Red_Book_ *B2* doesn't meet that criteria. (The Red Book includes
> >> trusted networking for those following along) Security starts at B1, and
> >> assurance is really B2 and up.
> >>
> >> The gulf between C2 and B2 is far and wide and includes a source code
> >> review of the Trusted Computing Base.
> >>
> >> > widely acknowledged to be the highest TCSEC evaluation rating
> >> that can be
> >> > achieved by a general-purpose operating system.
> >>
> >> Firewalls aren't general-purpose computing functions, so I'm not sure the
> >> argument isn't specious anyway.
> >>
> >> The Common Criteria seem to me to be the ISO-9000 of evaluations.
> >> Correct me if I'm wrong, but under ITSEC and the CC doesn't the
> >> evaluation team run tests specified/developed by the manufacturer?
> >>
> >> I have a much higher general assurance of the TCSEC at B2 and above.
> >>
> >> Paul
> >> ------------------------------------------------------------------
> >> -----------
> >> Paul D. Robertson "My statements in this message are
> >> personal opinions
> >> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> >>
> >> PSB#9280
> >>
> >> -
> >> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >> "unsubscribe firewalls" in the body of the message.]
> >>
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
