Security Basics mailing list archives
RE: Purging Blaster.worm
From: "Vachon, Scott" <Scott.Vachon () paymentech com>
Date: Fri, 15 Aug 2003 08:59:49 -0400
<snipped>
Maybe I am a little sensitive to this, being the firewall guy and all, but come on people. I stopped 135, 136, 445, 4444 and a host of others and you know what, it still hit. Know what it hit, a couple of freaking laptops from home. They brought it in and my firewall did d!ck as it bounced around from floor to floor. Sure I could shut off 69 and keep it from hitting the world, but that didn't stop all the UNPATCHED workstations from getting this thing. The answer is to freaking listen to the community and patch the boxes. Don't count on a firewall or anti-virus to protect you.
<snip rant>
That was the answer. Patch. I'll do the best I can to block the crap from the outside, but when you let it walk in the backdoor, there ain't a lot I can do, but sit back and laugh. Oh, and explain over and over again why for 3 weeks now I warned you to patch the workstations (that is what happened here at least) and told you the firewall couldn't stop it.
From one "firewall guy" to another: If you got hit from the inside, then you are part of the problem as well. These days there is no such thing as the trusted zone. A firewall (and IDS) on your internal desktop network would have been beneficial in securing the "core," and alerting you to the presence of the worm internally. So when it "comes in the backdoor," there is in fact, still a lot you can do.
Security is a multi-faceted approach involving all elements of corporate IT departments working in concert with one another. To sit back and point the finger is to be as irresponsible as not patching one's systems. ~S~ Disclaimer: My own two cents. Learn more about Paymentech's payment processing services at www.paymentech.com THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Purging Blaster.worm, (continued)
- RE: Purging Blaster.worm Preston, Tony (Aug 13)
- RE: Purging Blaster.worm Rory (Aug 13)
- Re: Purging Blaster.worm Jay Woody (Aug 13)
- RE: Purging Blaster.worm Parolini, Walter A REV:EX (Aug 13)
- RE: Purging Blaster.worm Jay Woody (Aug 14)
- RE: Purging Blaster.worm Jay Woody (Aug 14)
- RE: Purging Blaster.worm Bob Walker (Aug 14)
- Re: Purging Blaster.worm Ken Jacobs (Aug 14)
- RE: Purging Blaster.worm David Gillett (Aug 16)
- RE: Purging Blaster.worm Meidinger Chris (Aug 15)
- RE: Purging Blaster.worm Vachon, Scott (Aug 15)
- RE: Purging Blaster.worm Jay Woody (Aug 16)
- RE: Purging Blaster.worm Meidinger Chris (Aug 18)
- RE: Purging Blaster.worm Alfred . Diggs (Aug 19)
- RE: Purging Blaster.worm Meidinger Chris (Aug 20)
- RE: Purging Blaster.worm Preston, Tony (Aug 13)