On Sat, 17 Jan 2004 10:20:56 PST, Jim Race <caferace@well.com> said: > Since the ping-pong game is far past 21 points... > > How safe would you consider: > > A WinXP box with all current patches > A properly configured HW firewall > ICF enabled, web services ONLY enabled and all ICMP requests disabled > Apache (latest) installed with no add'l modules (static pages only) > NOT running Outlook or OE > Mozilla with Java and JS disabled in email > An "admin" who knows not to run attachments > No add'l (hated) SW firewalls > No AV stuff running, except when scanning known executables What's your threat model? Does it have to be "safe" against just the random crap that is background noise on today's networks, or are there other considerations? What's your trade-off model? If it *does* get whacked, what are the consequences? Remember to *NOT* spend more time/money/effort on securing it than you would lose if it was in fact compromised. There's two main classes of attacks to worry about: the "random noise" of all the worms and viruses, and targeted attacks by opponents of varying skill and resources. The hardening you describe is probably quite sufficient to repel most of the "random noise", so it's the second category you need to worry about. If it's a personal machine, you're just using Apache to serve up photos of the barbeque to your friends, and the worst that happens is you have to reload your 'My Documents' folder off a CD-ROM backup, you're probably *very* safe. Just remember to not piss off a script kiddie on IRC. ;) If you're using the machine to access a corporate database, you probably want to do some more policy-level and ACL hardening on the inside - the biggest threat to your HR database is still an underpaid secretary in Accounts Receivable. If you're using the machine in a true life-or-death environment (medical monitoring, processing classified data, launch codes, etc), you're nowhere near hardened enough.
Attachment:
pgp00030.pgp
Description: PGP signature