Win 3.1 -> 95 issues
M Glickman
Windows 3.1 with Netware 3.11 to Windows 95 with NW 3.2. At the
moment, I have fairly tight security in place to control junior
hackers, including FM Guard to restrict File Manager, edit restrictions
in Prgram Manager and read-only access to the Windows INI files, thus forcing all users to use basically the same configuration.
Are there any security issues arising from the upgrade that I may have
missed or non-obvious holes that Win 95 leaves open?
Thanks
Michael
--
M Glickman
I L Computing Services Gateshead UK
**Remove "x" from my domain name to reply**
Maksim Noy
software. Nothing that's not VXD-based really does the job in Windows 95. In
fact, I don't think there is such a thing as a perfect (or even close)
Windows 95 security program. FoolProof95 (www.smartstuff.com) is pretty
extensive, as is Fortres101 (www.fortres.com). For a pretty good and simple
to use solution you should also check out FullArmor Solution by
www.micah.com.
I managed a networked lab for a high school, and after trying both FoolProof
and FullArmor (both in combination with Windows 95 System Policies) for a
year with pitifull results, I tried a completely different approach to the
problem and it seems to have worked very well. Instead of completely locking
down a machine so nobody can mess with it, I leave the machine almost fully
open (most control panels are locked down through system policies), but when
the user logs out a program claled PC-Rdist gets run. It completely restores
the computers to what my "perfect" image on the server looks like. It does
it both with files and the registry (Windows 95 apps don't use INI files),
and since it's driven by a simple script, it's completely configurable as to
what it does with the files that were deleted/modified/added/replaced/etc.
For example - I have it set so it deletes all the extra EXEs and DLLs (to
prevent people from installing illegal software) and keeps all the other
stuff that's under 1 meg for at most seven days. That way I don't get any
illegal software or games and should somebody save their document to the
hard drive instead of the network, it will be there for a week just in case.
I also have it set so it will resotre proper computer names and IP addresses
to all the PCs based on the hardware address of their NIC. I highly recomend
you check out their web site especially since the licenses are free to K-12
organizations. The web site is at http://www.pyzzo.com/ .
Good luck and feel free to e-mail me any questions you may have.
Maksim Noy.
M Glickman wrote in message <62962...@xilcs.demon.co.uk>...
Kevin D. Snodgrass
>
> A local youth club whose network I look after is about to upgrade from
> Windows 3.1 with Netware 3.11 to Windows 95 with NW 3.2. At the
> moment, I have fairly tight security in place to control junior
> hackers, including FM Guard to restrict File Manager, edit restrictions
> in Prgram Manager and read-only access to the Windows INI files, thus forcing all users to use basically the same configuration.
>
> Are there any security issues arising from the upgrade that I may have
> missed or non-obvious holes that Win 95 leaves open?
I'm sure you will get lots of replies on this one. Win95 is
just full of security holes. I suggest going to
http://www.dejanews.com/ and searching the comp.os.netware.*
groups for Win95 issues, check out the Novell FAQ at
http://netlab1.usu.edu/novell.faq/nov-faq.htm, and any of
the hacker sites like http://www.nmrc.org/ and
http://www.l0pht.com/.
Lucky me, I don't have to worry about these things, at least
right now.
--
Kevin D. Snodgrass
New spam-proofed email address,
intelligent beings will adjust.
n...@workersect.org
file manager, to the desktop itself is riddled with easy ways to gain access
to the settings and potentially further.
I can highly recommend a utility called Securdesk from CursorArts Company. It
does an excellent job of securing both our stand-alone and networked PC's
(running under everything from Win 3.1 to Win NT). It also allows us to
produce secure, custom desktops for different user levels. Unfortunately,
Windows 95/98 themselves are so riddled with security flaws, that there is
really no way to control access using only Microsoft's work-arounds (and we
tried) and abysmal "policies." You really do need some other security on top
of Windows.
You may download a trialware version from the company's web site at
http://www.cursorarts.com/ca_sd.html (you'll find they have two versions
there, and you do NOT want to waste time with the "LV" version, which does
not contain the security features you need).
Anyway, Securdesk has many other features which you may also find useful in
your setting.
Best of luck!
In article <62962...@xilcs.demon.co.uk>, wrote:
> A local youth club whose network I look after is about to upgrade from
> Windows 3.1 with Netware 3.11 to Windows 95 with NW 3.2. At the
> moment, I have fairly tight security in place to control junior
> hackers, including FM Guard to restrict File Manager, edit restrictions
> in Prgram Manager and read-only access to the Windows INI files, thus forcing
all users to use basically the same configuration.
>
> Are there any security issues arising from the upgrade that I may have
> missed or non-obvious holes that Win 95 leaves open?
-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum
mark w
OR
You can use Windows 95 policy editor, and screw the machines right down.(to
remove even little things like right click on start menu gives explorer, or
running only authorised programs)
I used to use it on the public domain machines we had, and never had a
problem (even from 14 year old hacker geeks!)
If you want more info, mail me!
Regards
--
Mark Wayt.
mark...@cellhire.com
Thought for the Day:
If you choked a Smurf, what color would it turn ?
M Glickman <mgl...@xilcs.demon.co.uk> wrote in message
62962...@xilcs.demon.co.uk...
>A local youth club whose network I look after is about to upgrade from
>Windows 3.1 with Netware 3.11 to Windows 95 with NW 3.2. At the
>moment, I have fairly tight security in place to control junior
>hackers, including FM Guard to restrict File Manager, edit restrictions
>in Prgram Manager and read-only access to the Windows INI files, thus
forcing all users to use basically the same configuration.
>
>Are there any security issues arising from the upgrade that I may have
>missed or non-obvious holes that Win 95 leaves open?
>
RBall84213
On one hand, using server-based policies *does* permit easy
administration (and configuration control) of large numbers of
Windows 95 PCs from a single SYS:PUBLIC-based policy file.
On the other hand, should someone hack that SYS:PUBLIC-
based policy file, *all* of your Windows 95 controlled PCs are
affected. This potential single-point-of-failure obviously represents
a problem in mission-critical (e.g., hospital) environments. Even
in non-mission-critical environments I'd keep a Win31 PC around,
just to be safe.
Beware of 14-year-old hacker geeks. ;->
Richard Ballard CNA4 KD0AZ
RJBa...@ieee.org
O Lord, grant that we may always be right,
For Thou knowest we will never change our minds.
-Old Scottish Prayer
mark w
and other select people. Although, I'm not sure whether that only works on
NT domains, rather than novell networks. (My main experience is from NT
domains).
If you are excluded, the POL file WILL NOT affect your machine at all. In
that case, if someone hacks the file, you just change your control panel,
passwords, user profiles and switch off roaming profiles. (I neglected to
mention, if you want to use policies, it's a good idea to have roaming
profiles.)
Either that, or if you're using novell, have toolbox loaded to copy a backup
.pol file to replace the hacked one, and close the loophole.
--
Mark Wayt.
mark...@cellhire.com
Thought for the Day:
Why is it when driving and looking for an address, we turn down the
radio ?
RBall84213 <rball...@aol.com> scribbled furiously in
199807231225...@ladder01.news.aol.com...