On Thu, 3 Jun 1999, spiff wrote:
> Yet earlier in the .doc it is stated "All hard-disk partitions must be
> formatted with NTFS" as a precondition of ITSEC FC2-E3 certification. That
> "(Optional) Install applications (such as Microsoft Office 97) as
> required."
>
> Yes, don't forget to install the GUID stuff, as well as other sys level
> stuff that will, most probably, un-do many of the carefully implemented
> registry settings you have just made. Back to start, do not pass go...
> Ok, so you have a secure NT system that has no apps. Now go back to the
> computers that actually run your business, with the apps that you use to
> run your business and rest assured no one will break into your NT server,
> there's nothing there!

This reminded me of the advice given by an M$ premier support engineer
some time ago. I complained to him about the difficulty of making some M$
software actually work on an NT machine which I have tightened up. I
had to relax certain access controls, but there was no document whatsoever
to document what is required. What I did was turn on the auditing of the
whole hard disk, look for access violations and grant the permissions bit
by bit, including some I don't really like.

Guess what his reply was?

"Use FAT instead of NTFS, then you don't need to worry about the
permissions" !!!

Is this the typical M$ attitude towards (and lack of knowledge on) security?
What level of security assurance can you have if a "properly trained"
support engineer from the OS vendor tells you something like that?