Firewalls: Re: NT Service Security

Firewalls
(April 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: NT Service Security
From:	Adam Shostack <adam @ homeport . org>
Date:	Sat, 13 Apr 1996 15:24:30 -0500 (EST)
To:	BARACCUS @ aol . com
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<960411131807_373484886 @ emout07 . mail . aol . com> from "BARACCUS @ aol . com" at Apr 11, 96 01:18:08 pm

BARACCUS @
 aol .
 com wrote:

| When running Web Servers or any servers on NT such as FTP Server, Sendmail
| Servers,etc is it better to create a login ID for that service and configure
| the service to login with that specific ID. As a default NT services use the
| SYSTEM account. Is this safe???????? What is the most secure??

	Well, if theres a specific account for the service, then when
the firewall is broken into, the ftp account shouldn't have the run of
the system.  If everything is run out of the SYSTEM account, how do
you protect yourself from bad services?

Adam

PS: I know little about NT.   The above is just common paranoia.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

References:

NT Service Security
From: BARACCUS @ aol . com

Indexed By Date	Previous:	Re: Cracking NT via RAS From: Stefan Gal <sgaul @ prolog . net>
Indexed By Date	Next:	Re: Java port of S/Key? From: Jim Thompson <jim @ butthead . SmallWorks . COM>
Indexed By Thread	Previous:	NT Service Security From: BARACCUS @ aol . com
Indexed By Thread	Next:	Hi Dave, From: Kevin Nelson <knelson @ essi . com>