Vicky Ames | 19 Mar 19:52 2002
Picon

Re: PGP for XP

Chris,

That is correct.  Nor will there be a commercial version of PGP that works
properly with XP anytime soon.  NAI has put the product into maintenance
mode and will do no further development on it.  It's also not for sale at
the moment so there won't be a PGP version that works with XP in the
foreseeable future.

Vicky

----- Original Message -----
From: "[C] Teodorski, Chris" <cteodorski <at> ppg.com>
To: <security-basics <at> securityfocus.com>
Sent: Monday, March 18, 2002 3:50 PM
Subject: PGP for XP

> >From what I understand there is no PGP that currently works with Windows
XP, is this correct?
>
>
>
> ----------------------------------------
> Chris Teodorski
> LAN Services
> PPG Industries, Inc.
> cteodorski <at> ppg.com
> (412) 434-1658
>
> "In regione caecorum rex est luscus."
> [In the country of the blind the one-eyed man is king.]
(Continue reading)

Tim Donahue | 19 Mar 19:08 2002

RE: PGP for XP

I have PGP freeware running on my XP computer.  It is version 7.0.3

Tim Donahue

-----Original Message-----
From: [C] Teodorski, Chris [mailto:cteodorski <at> ppg.com] 
Sent: Monday, March 18, 2002 3:51 PM
To: security-basics <at> securityfocus.com
Subject: PGP for XP

From what I understand there is no PGP that currently works with Windows XP,
is this correct?

----------------------------------------
Chris Teodorski
LAN Services
PPG Industries, Inc.
cteodorski <at> ppg.com
(412) 434-1658

"In regione caecorum rex est luscus." 
[In the country of the blind the one-eyed man is king.] 
                       --- Erasmus, Adagia 

Jeff Beining | 19 Mar 19:43 2002

FW: Help With firewall ports

I think he wants help with - and if I'm wrong, then I'll ask it, because
I've been looking for something like this - what each port is used for. Does
anyone know of a list or a resource that will tell me what all the ports
listed in /etc/services are for, or what uses them, or a general list of
ports and services that use them???

-J

-----Original Message-----
From: Jeff Kerber [mailto:jkerber <at> kerber-family.net]
Sent: Monday, March 18, 2002 4:51 PM
To: Clint Goodwin; security-basics
Subject: RE: Help With firewall ports

Clint,

You're approaching this from the wrong angle... Don't look at what ports you
should block, look at the ports you need open. Open only those that are
necessary. Close everything else.

-----Original Message-----
From: clint <at> securityfocus.com [mailto:clint <at> securityfocus.com]On Behalf
Of Clint Goodwin
Sent: Sunday, March 17, 2002 4:47 AM
To: security-basics
Subject: Help With firewall ports

Hi all,

    I was wondering what would be a good list of ports to block at my
(Continue reading)

Meritt James | 19 Mar 20:17 2002

Re: CISSP Study Book.

I'm hearing a lot of good stuff about _The_CISSP_Prep_Guide_ by Krutz &
Vines.

A bit of bad stuff, too, but what the hey...

V/R

Jim

Billy D Walls wrote:
> 
> I was wondering, what is the best study guide for a CISSP.  I'm browsing
> amazon.com right now, and with all my projects eating all my time, and my
> small budget, I think I need insight. :) Thanks guys.
> 
> [If this was a thread that was beat to death that I didn't find in the
> archive, let me know, and kill this thread ASAP.]
> 
> Bill D Wills
> BOFH MIB TSE
> Starving Students LLC
> "My Frame Pointer...I...I can't feel my frame pointer..."
> 
> _________________________________________________________________
> Join the worldÂ’s largest e-mail service with MSN Hotmail.
> http://www.hotmail.com

--

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
(Continue reading)

Eric Zatko | 19 Mar 22:50 2002
Picon

Nessus follow up question.

Hello Everyone,

First I want to thank everyone that passed along advice regarding free system hardening software. Nessus
seems to be the undisputed choice, but there were a few other options and I will look into all of them.

Secondly, I will need to put Unix/Linux on a machine to use Nessus so I'm looking for advice. First, are there
advantages to putting it on my laptop? If so, any recommendations for dual-boot software? Next, has
anyone used VMWare, and if so would it work in this application, or is there a better solution?

I know there are a lot of questions here... so if you rather, just give me your best solution. Again, in a
bureaucracy, free is always better.

Many thanks in advance.

Eric Zatko
e-mail: ezatko <at> co.lucas.oh.us

[C] Teodorski, Chris | 19 Mar 20:16 2002

RE: CISSP Study Book.

What about the SSCP Certification....any recommendations for that?  I'm looking for a good entry
level/beginner cert.....any suggests are welcome....

-----Original Message-----
From: Billy D Walls [mailto:stauph <at> hotmail.com]
Sent: Monday, March 18, 2002 7:09 PM
To: security-basics <at> securityfocus.com
Subject: CISSP Study Book.

I was wondering, what is the best study guide for a CISSP.  I'm browsing 
amazon.com right now, and with all my projects eating all my time, and my 
small budget, I think I need insight. :) Thanks guys.

[If this was a thread that was beat to death that I didn't find in the 
archive, let me know, and kill this thread ASAP.]

Bill D Wills
BOFH MIB TSE
Starving Students LLC
"My Frame Pointer...I...I can't feel my frame pointer..."

_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

Murtaza Nooruddin | 20 Mar 07:37 2002
Picon

Win2k file share monitor

This might sound like a basic admin question. But is it possible in windows
2000 to log or monitor file access (both normal and admin shares) via
network.

Can this be enabled or disabled, any security risks involved?

_________________________________________________________
Do You Yahoo!?
Get your free  <at> yahoo.com address at http://mail.yahoo.com

linux | 20 Mar 00:24 2002
Picon
Picon

Re: Security Engineers Field Tool Kit

Perhaps you are talking about http://crashrecovery.org 

On Sunday 17 March 2002 02:24, you wrote:
> Can you ISO that CD?
>
> ----- Original Message -----
> From: "Simon Taplin" <simon <at> pop.co.za>
> To: <security-basics <at> securityfocus.com>
> Sent: Friday, March 15, 2002 9:51 AM
> Subject: RE: Security Engineers Field Tool Kit
>
> > On Mon, 2002-03-04 at 17:06, Pradeep Pillai wrote:
> > > Folks, what would comprise a Network Enginners tool kit.
> >
> > <---snip--->
> >
> > > What else can you think of ?
> >
> > at the rsa conference in san jose last month,  <at> stake was giving out
> > credit card sized cd's that were bootable x86 linux distros. i can't
> > seem to find any info about this on their site, but they were called
> > "Pocket Security Toolkit 3.0". anyway, here's a listing of what software
> > they included:
> >
> >
> > Does anybody know of a similar kit for Windows?
> >
> > Simon
> >
> > ---
(Continue reading)

dhar | 20 Mar 10:24 2002

Proxy Scanner

Hello,

Would there be a proxy scanner which works under Linux, something like
Proxy Hunter that works on Windows?

Regards
Sumit Dhar

--

-- 
"Many that live deserve death. And some that die deserve life. Can you give it to them? 
Then do not be too eager to deal out death in judgement. For even the very wise cannot 
see all ends." [Gandalf in LOTR] 

pub  1024D/7AB2D05A 2002-02-24 Sumit Dhar (Sumit Dhar, SLMSoft.com) 
Key fingerprint = 4A18 D20D 3D15 6C5B CD2F  8E45 B903 0C29 7AB2 D05A

JohnNicholson | 19 Mar 20:16 2002
Picon

RE: A question about logon banners

It's a good practice to notify any potential user that the use of the system is limited to authorized users,
that the owner of the system can monitor everything, etc.  In the case of government-owned systems, in
particular, that kind of warning creates a clear expectation on the part of the user that there is no right
to privacy in the information that he/she passes over the system.  

However, in no case that I have seen was the use of the word "Welcome" even discussed as being relevant.

If anyone can point me to a law or a case that said that the use of the word "Welcome" in a logon banner means that
anyone is automatically an authorized user, I'd be grateful (not to mention stunned, but courts have
decided weirder things). 

To say that using "Welcome" in your logon banner turns everyone into an authorized user is absurd. The
equivalent is saying that a theif who uses a skeleton key (or even a copied or stolen key) to get into your
house is not trespassing (or even breaking and entering) just because you put down a "Welcome" mat.

The key question in every case that I've seen has been whether the person was an authorized user. The owner of
the system gets to decide who is authorized. Period. Saying "Welcome" doesn't cut it, it's just being polite.

Odds are that the policies you mention, Robert, were developed as a result of someone citing this urban myth
about the use of "Welcome", and so the fiction became policy. 

John

In a message dated Tue, 19 Mar 2002  1:51:54 PM Eastern Standard Time, "Kinsey, Robert"
<Robert.Kinsey <at> Veridian.com> writes:

> John,
> 
> I have also seen other systems/networks that were required (by law???) to
> meet certain criteria with their login banners.
(Continue reading)


Gmane