From: Adam Flinton 

John Beckett wrote:
> "Brian"  wrote in message
> news::
>
>>Not really, if you harden the box and remove things like ISAPI and WebDav,
>>your chances of getting hacked are much lower. Part of the problem with IIS
>>is that the hacks spread through pieces of code most people aren't using.
>>Anyone here use WebDav?
>
>
> You sort-of have a point. However, the cold shower of reality says that
> you will NEVER know all the items patched in a service pack, and you have
> NO chance of hardening your system by following random advice found on the
> Internet.
>

Very true. However how des the Inet get onto your Win2K box? I have had a
policy of never directly exposing Windows to the net ever since ever. If I
have to e.g. dial up account on laptop then I try & limit my exposure
by running nearly nothing network related. Other than that I've NAT'ed
windows connections via OS/2 & then linux since ever.

Right now you go to my home LAN & you'd see a single (linux) machine
running 2 services (http & ssh). If you want to get through to the
Windows desktop or my work win2k laptop from the outside you can but only
by logging into the linux laptop via ssh & then using that ssh server
to redirect stuff to the Win2k desktop.


> Your advice is good, AFTER applying the latest service pack and all
> critical updates.
>

How many of these updates etc are OE/IE? So if you're using moz as web
browser/mailer/newsreader...


> Besides, a service pack can fix important bugs. Yes, a service pack can
> also introduce unwanted behaviour. If you insist on a quiet life, just
> turn the power off!
>

But....if you have no noticeable bugs then applying a sp **increases** your
chances of getting a bug.

Adam

--- BBBS/NT v4.01 Flag-4