ir.org> Subject: RE: Re: [ActiveDir] How Secure is a Domain Controller?> Date: Sun, 30 Apr 2006 11:44:55 -0500> > This has been making the rounds as of late, so I am not sure if it has been posted here:> > Security Myths and Passwords by Prof. Spafford> > and something from
I'm really interested to see how this pans out.
> Date: Sun, 30 Apr 2006 12:33:45 -0400> From: [EMAIL PROTECTED]> To:
> ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] How Secure is a Domain
> Controller?> > The answer to that last isn't terribly difficu
D]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Monday, April 03, 2006 10:06 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Sorry one more thing.. in a Center for Internet Security project to set
Baselin
ion -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Monday, April 03, 2006 10:06 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domai
y with a multiple of 7 chars being
most
>> counter productive.]
>> Food for thought,
>> neil
>>
>>
>>
--------------------
>> *From:* [EMAIL PROT
thought,
>> neil
>>
>>
>>
>> *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
>> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>&
uot;:>> http://tinyurl.com/44zcz>> Weblog:
http://msmvps.org/UlfBSimonWeidner>> <http://msmvps.org/UlfBSimonWeidner>>> Website: _http://www.windowsserverfaq.org_
>> <http://www.windowsserverfaq.org/>>> Profile:>>
http://mvp.suppor
Ebitz - SBS Rocks [MVP]
Sent: Monday, April 03, 2006 9:06 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Sorry one more thing.. in a Center for Internet Security project to set
Baseline Operational Security Standards for protecting sensititive data
t;] *On Behalf Of *Ulf B.
Simon-Weidner
*Sent:* 05 March 2006 08:35
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* RE: [ActiveDir] How Secure is a Domain Controller?
I've written down some related thoughts once:
http:/
> [mailto:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Ulf B.
Simon-Weidner
*Sent:* 05 March 2006 08:35
*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>
*Subject:* RE: [ActiveDir] How Secure is a Domain Controll
h a multiple of 7 chars being most counter productive.]
Food for thought,
neil
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Ulf B. Simon-Weidner
Sent: 05 March 2006 08:35
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How Secure is a Domain Controller?
I
s bordering on ridiculous.
- Original Message -
From: "joe" <[EMAIL PROTECTED]>
To:
Sent: Monday, April 03, 2006 12:13 AM
Subject: RE: [ActiveDir] How Secure is a Domain Controller?
I was once in a datacenter overseas where cell phones weren't allowed in
th
ssage -
From: "joe" <[EMAIL PROTECTED]>
To:
Sent: Sunday, April 02, 2006 9:39 PM
Subject: RE: [ActiveDir] How Secure is a Domain Controller?
Nope, not I. I was the one that stood up and started clapping a couple of
years ago when Stuart announced that Longhorn would have Serv
iveDir@mail.activedir.org
Subject: RE: [ActiveDir] How Secure is a Domain Controller?
I know SBS and Datacenter are mutually exclusive, but, being able to talk on
the phone and hear the other party while in a datacenter are also mutually
exclusive.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.
TECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz -
SBS
> Rocks [MVP]
> Sent: Sunday, April 02, 2006 4:49 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] How Secure is a Domain Controller?
>
> Good thing you don't work at my offi
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Tuesday, March 07, 2006 8:18 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Myrick, Todd (NIH/CC/DNA) [E] wrote:
Okay for you Sus
day, March 07, 2006 8:18 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Myrick, Todd (NIH/CC/DNA) [E] wrote:
> Okay for you Susan, I will modify my statement... Add IPsec filter that
only allows http traffic to update.microsoft.com. Also, in th
.
al
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROTECTED]
Sent: Mon 3/6/2006 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Question?
On a DC ...why do you need anti spyware?
lto:[EMAIL PROTECTED]
Sent: Mon 3/6/2006 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Question?
On a DC ...why do you need anti spyware?
If spyware enters via web browsing and email...and IE should never be
used/launched on a DC... why do y
.
Todd
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED]
Sent: Mon 3/6/2006 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Question?
On a DC ...why do you need anti spyware?
If
m.
10. TBD
Todd Myrick
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*Sent:* Monday, March 06, 2006 11:23 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] How Secure is a Domain Controller?
I understand/stood what you were saying, just was hoping to br
: Monday, March 06, 2006 9:25
AMTo: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] How Secure is a Domain Controller?
The use of >20 char passwords caught my
eye.
In previous discussions with MS et al, it was suggested
that the majority of users would simply repeat a (
]
Sent: Monday, March 06, 2006 11:23
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How
Secure is a Domain Controller?
I understand/stood what you were saying,
just was hoping to bring out a clearer answer for some of the lurker/newbies on
the list (of which there are many
PROTECTED]Sent: Monday, March 06, 2006 9:52
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
How Secure is a Domain Controller?
You mis-understand :)
Ulf was suggesting that in order to protect the AD data on
a poorly protected DC, that strong passwords should be used that are harder
9:52
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
How Secure is a Domain Controller?
You mis-understand :)
Ulf was suggesting that in order to protect the AD data on
a poorly protected DC, that strong passwords should be used that are harder to
crack.
In the event that the disks
@mail.activedir.orgSubject: RE: [ActiveDir] How Secure is a
Domain Controller?
Based on the subject of this discussion: if you have those
regular users, who can't comprehend or remember a password over 7 characters,
signing on to your domain controllers I would say that your domain contro
zy as to
be using 7 character passwords you are still very
insecure.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Monday, March 06, 2006 2:25
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
How Secure is a Domain Controller?
The use of >
5To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] How Secure is a
Domain Controller?
I've written down some related thoughts
once:
http://msmvps.com/blogs/ulfbsimonweidner/archive/2004/10/24/16568.aspx
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die
/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
EdwinSent: Saturday, March 04, 2006 10:17 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] How Secure is a
Domain Controller?
How Secure is a Domain Controller
that is fully patched on a default install of Window
veDir@mail.activedir.orgSubject: [ActiveDir] How Secure is a
Domain Controller?
How Secure is a Domain Controller
that is fully patched on a default install of Windows 2003? When
promoted the domain controller has the two default policies, both of which are
recommended not to be modified.
: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How Secure
is a Domain Controller?
I've written down some related thoughts
once:
http://msmvps.com/blogs/ulfbsimonweidner/archive/2004/10/24/16568.aspx
Gruesse
- Sincerely,
Ulf
B. Simon-Weidner
MVP-Book "Window
Website: http://www.windowsserverfaq.org Profile: http://mvp.support.microsoft.com/profile="">
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
EdwinSent: Sunday, March 05, 2006 4:17 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] How Secu
CTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Sunday, 5 March 2006 4:55 p.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How Secure is a Domain Controller?
Boy that's an open question isn't it?
Books and white papers hav
about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Edwin
Sent: Sat 3/4/2006 7:17 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How Secure is a Domain Controller?
How Secure is a Domain Controller that is fully patched on a default install
of
Boy that's an open question isn't it?
Books and white papers have been written on this issue alone.
I'd recommend that you grab the "Threats and Countermeasures" guide and
look at the Security Configuration Wizard.
http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.ms
How Secure is a Domain Controller that is fully patched on a
default install of Windows 2003? When promoted the domain controller has
the two default policies, both of which are recommended not to be
modified. But there are things that could be done better for added
security. For example
36 matches
Mail list logo
