The goal of the document is clearly stated below. Feel free to read the document and make suggestions (within scope) for improvements. The document is not intended to take the place of hardening XP documents. Today I learned from Sean that the firewall portion of XP sp1 comes up after services are enabled. I will request that information be added to the pdf. I am NOT arguing against firewalls. I like them, I use them, their grrrrrrrrrrrrrrrrrr8! Security in depth is a good idea, one that I support, encourage and practice. Donald.Smith@qwest.com GCIA http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC kill -13 111.2

-----Original Message----- From: Rob Nelson [mailto:ronelson@vt.edu] Sent: Tuesday, May 04, 2004 4:26 PM To: Smith, Donald; Daniel Senie; Sean Donelan Cc: nanog@merit.edu Subject: RE: FW: Worms versus Bots

...

The goal of this document is help new XP users survive long enough to do their updates. Many of them cant/wont put up acls/nat/firewalls ... but if they follow the steps listed they have a better chance of successfully downloading and updating their new machine then they will have with OUT these steps. It is not meant as a complete XP hardening document. There are lots of documents that discuss in detail how to harden windows (xp,nt,2k...).

If the person doesn't continue to do acls/nat/firewalls, they'll just get infected after the next hole is discovered. And yes, there are plenty of holes that a firewall/nat box won't fix. Still, better than the user only doing Windows Update on the day of install and never having a firewall...

Rob Nelson ronelson@vt.edu