Prev: CISVC.EXE hogs CPU; is it the same as Windows Search?
Next: Sys x: format x:/u/s
From: RB on 28 Feb 2010 11:14
Does implementing logon password protection offer any protection against
an online virus or Trojan attack?
Or does it only prevent local physical (or Lan) users from unauthorized access ?

What does the term "common" user account mean ?
Is this the same thing as "limited" user account ?


From: David H. Lipman on 28 Feb 2010 11:30
From: "RB" <NoMail(a)NoSpam>

| Does implementing logon password protection offer any protection against
| an online virus or Trojan attack?
| Or does it only prevent local physical (or Lan) users from unauthorized access ?

| What does the term "common" user account mean ?
| Is this the same thing as "limited" user account ?


Account authentication has NOTHING to do with malware infections.

What it helps to protect against is...

1. The insider threat
2. Personnel from accessing another person's account and data
3. Data protection in general

Common User or Limited User accounts have nothing to do with passwords either. It has to
do with the level of authorization given to a LAN user to access resources or the ability
to perform tasks.

A "Limited User" is just that, the person is limited in what they are authorized to do
such as installing software or making modifications to trhe system.

As for passords, they should be REQUIRED and be "strong". Strong as in meaing a level of
complexity such that it is difficult to guess or break. For example; 8 digits minimum,
using; 2 uppercase, 2 lowercase and 2 numbers and at least one special character.

Having LAN accounts with "Limited User" capabilities reduces the threat of malware
infection but does not eliminate that threat.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: RB on 28 Feb 2010 12:54
Thank you for the reply.
I realize the logon ramifications of physical users but if you would be so kind
please give me your input on the following:

1. If you disable File and Print sharing does this make your LAN more
secure from an online infection jumping from one node to the other ?

2. I really need some folders shared, is there any way to password protect
the access to these folders on the LAN?
(does this only again protect from physcial logon users)


From: David H. Lipman on 28 Feb 2010 13:39
From: "RB" <NoMail(a)NoSpam>

| Thank you for the reply.
| I realize the logon ramifications of physical users but if you would be so kind
| please give me your input on the following:

| 1. If you disable File and Print sharing does this make your LAN more
| secure from an online infection jumping from one node to the other ?


Yes but it also makes administration of the LAN nodes more difficult. It is better to
keep F&P Sharing enabled and the PC locked down. For example, all accounts *MUST* have
strong passwords to mitigate worms and bots that spread on a LAN via password dictionary
attacks.


| 2. I really need some folders shared, is there any way to password protect
| the access to these folders on the LAN?
| (does this only again protect from physcial logon users)


Is this a Workgroup or Domain account ?

In a Domain account you have File Server Shares and access priveledges as well as NTFS
priveledges which will limit who gets access to what.





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: RB on 28 Feb 2010 14:42
> Is this a Workgroup or Domain account ?

Well I'm still learning terminology but what I have is a Linksys router
(Wireless running TKIP security with a long alpha numeric key) .
My cable modem connects to the linksys (so I assume I have NAT )
and my one Desktop hardwire connects to the linksys and all of our
laptops connect to the linksys (wireless). I have the broadcast off.
I have all the computers configured to the same workgroup ( if that
is what your are asking )

> In a Domain account you have File Server Shares and access priveledges as well as NTFS
> priveledges which will limit who gets access to what.

Ugh well ok, I thinkg I have a workgroup but I would not know if I had a domain account
or not ? (dummy). And if I did I would not know how to set the NTFS priveledges ?

So if I put all my user accounts on a password it will keep me from logging onto a node
from another node unless I give it the user acct password ?


 |  Next  |  Last
Pages: 1 2
Prev: CISVC.EXE hogs CPU; is it the same as Windows Search?
Next: Sys x: format x:/u/s