• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Unneeded Software on Windows Servers

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering

View previous topic :: View next topic  
Author Message
secmog
Just Arrived
Just Arrived


Joined: 26 Jul 2005
Posts: 0


Offline

PostPosted: Tue Jul 26, 2005 4:25 am    Post subject: Unneeded Software on Windows Servers Reply with quote

Need official documentation on best practice of "NOT" installing unneeded software on Windows Servers.
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Tue Jul 26, 2005 4:42 am    Post subject: Reply with quote

Ok.
Back to top
View user's profile Send private message
darkog
Just Arrived
Just Arrived


Joined: 26 May 2005
Posts: 0
Location: Toronto, Ontario, Canada

Offline

PostPosted: Tue Jul 26, 2005 5:17 am    Post subject: Reply with quote

hi. it sounds like you are perhaps looking for a policy resource? try this link:

http://www.sans.org/resources/policies/

most of use refer to it and go on from there to other links included on page.

good luck.
Back to top
View user's profile Send private message Visit poster's website
secmog
Just Arrived
Just Arrived


Joined: 26 Jul 2005
Posts: 0


Offline

PostPosted: Tue Jul 26, 2005 6:02 am    Post subject: Reply with quote

Actually a fellow admin who thinks it's a good idea to install Administrative Tools, Support Tools and Resource Kit on all company Windows servers. I have some documentation but wanted more to reinforce the point...even though this should be a non-issue. Just want to follow best practice
Back to top
View user's profile Send private message
darkog
Just Arrived
Just Arrived


Joined: 26 May 2005
Posts: 0
Location: Toronto, Ontario, Canada

Offline

PostPosted: Tue Jul 26, 2005 1:09 pm    Post subject: Reply with quote

i am confused. if i understand correctly, a fellow IT co-worker would like to install support tools (wininternals, ethereal, win resource kit tools, e.tc..) on users workstations and you would like to convince them not to?

i personally haven't seen any reports dealing with only giving users programs that they need and nothing else.

but off the top of my head i can say, most support tools are very small and install very simple. storing them on a network file share and running them off the file share is usually a non-issue and very convenient.
Back to top
View user's profile Send private message Visit poster's website
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Tue Jul 26, 2005 2:18 pm    Post subject: Reply with quote

darkog wrote:
if i understand correctly, a fellow IT co-worker would like to install support tools (wininternals, ethereal, win resource kit tools, e.tc..) on users workstations and you would like to convince them not to?


actually he said on windows servers, not workstations.

IMHO it depends what they are.
If they are actually running something like a service (eg a TFTP server, or VNC client for example) that is definitely a bad thing as it will increase the attack surface.
If they are just installed passively and have to be run then I would suggest they should only be installed where they are actually needed. By definition this means not many places since most can be run from an admin workstation instead. You should also secure the use of them using policues or nTFS permissions on the executables (or both!)
If a server is compromised and you have already provided lots of handy admin tools for an attacker to use, that helps them, but realistically if they have got to that stage it is likely they could do without basic MS tools anyway or install what they want. Again, it depends what they are - giving them a TFTP server to use, even if it is not running, is a bit too helpful.

As for resource kit I would be more inclined to only install specific components as and when required.

If by installed you mean copied to a share to be downloaded (which I don't think you do mean) then I see no issue here as long as that is secured properly and not everyone can just install stuff.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register