Re: RWW Security was compromised.
From: SuperGumby [SBS MVP] (not_at_your.nellie)
Date: 01/25/05
- Next message: Bill Peng [MSFT]: "RE: Companyweb geting page cannot be displayed"
- Previous message: Merv Porter [SBS-MVP]: "Re: Server Performance Report ???"
- In reply to: Therion: "Re: RWW Security was compromised."
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: RWW Security was compromised."
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: RWW Security was compromised."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 25 Jan 2005 14:33:04 +1100
Though RWW has this (what I consider) security flaw I prefer its use to VPN.
I've opened a discussion with the other SBS MVPs where I admit to not
implementing all aspects of 'best practice' in a security context, neither
for my LoungeAN nor client systems. If anything worthwhile comes from it I'm
sure it will drift through to the group.
We all agree that changing the admin account and enforcing password change
and complexity via policy are good principles. I supply consulting services
to clients. If my clients allowed me to implement these items I would feel
good, but that's often not the case.
"Therion" <therion@outlook.com> wrote in message
news:uEHHwsoAFHA.2676@TK2MSFTNGP12.phx.gbl...
> Larry,
>
>
>
> Not to restate what has already been said, but the single most important
> part of all this is the renaming of the administrator account. I suspect
> that had this been done the attacker would have given up long ago. (Only
> 500 attempts, that was fast!) Secondly password strength, especially on
> privileged accounts. I know it is difficult to get SMB's to adopt good
> password policies but it must be done if you have services open to the
> public. If you can't do it globally, then at least use them on privileged
> accounts.
>
>
>
> Now, off to the real issue. MS has made a huge mistake. SBS is targeted
> towards the small business market with the intent of their non-engineer
> staff deploying and maintaining it. MS has touted how they have adopted
> this new "tightened security" model out of the box, and yet this comes to
> surface. Shame on MS! At least they do offer the renaming of the admin
> account in step for of the best practice help document and include that
> reference in as the first To-Do, but still they know this will only get
> done a small percentage of the time.
>
>
>
> The only solution I can offer is to do what everyone has said for the time
> being regarding renaming the admin account and keeping good password
> policies. I also suggest that you remove RWW from the public side of your
> network and implement VPN for those users that need it. If they actually
> need the desktop access RWW offers they can use it from there. Bare in
> mind though that using VPN is a secure method of gaining access to the
> "entire" network, however it has it's own drawbacks as you need to trust
> the machines coming in as being virus free etc.
>
>
>
> Good luck and thanks for sharing your findings as it has helped me make
> some decisions regarding its use. J
>
>
>
> ~/bin/Therion
>
>
- Next message: Bill Peng [MSFT]: "RE: Companyweb geting page cannot be displayed"
- Previous message: Merv Porter [SBS-MVP]: "Re: Server Performance Report ???"
- In reply to: Therion: "Re: RWW Security was compromised."
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: RWW Security was compromised."
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: RWW Security was compromised."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
