FW: Worms versus Bots now religion host security vs firewall/nat/acl

Smith, Donald Donald.Smith at qwest.com
Tue May 4 22:47:27 UTC 2004

The goal of the document is clearly stated below. 
Feel free to read the document and make suggestions (within scope) for
The document is not intended to take the place of hardening XP
Today I learned from Sean that the firewall portion of XP sp1 comes up
after services are enabled.
I will request that information be added to the pdf.

I am NOT arguing against firewalls. I like them, I use them, their

Security in depth is a good idea, one that I support, encourage and

Donald.Smith at qwest.com GCIA
pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
kill -13 111.2 

> -----Original Message-----
> From: Rob Nelson [mailto:ronelson at vt.edu] 
> Sent: Tuesday, May 04, 2004 4:26 PM
> To: Smith, Donald; Daniel Senie; Sean Donelan
> Cc: nanog at merit.edu
> Subject: RE: FW: Worms versus Bots
> >The goal of this document is help new XP users survive long 
> enough to 
> >do their updates. Many of them cant/wont put up 
> acls/nat/firewalls ... 
> >but if they follow the steps listed they have a better chance of
> >successfully downloading and updating their new machine then 
> they will
> >have with OUT these steps.
> >It is not meant as a complete XP hardening document. There 
> are lots of
> >documents that discuss in detail how to harden
> >windows (xp,nt,2k...).
> If the person doesn't continue to do acls/nat/firewalls, 
> they'll just get 
> infected after the next hole is discovered. And yes, there 
> are plenty of 
> holes that a firewall/nat box won't fix. Still, better than 
> the user only 
> doing Windows Update on the day of install and never having a 
> firewall...
> Rob Nelson
> ronelson at vt.edu

More information about the NANOG mailing list