Security Basics mailing list archives

RE: Remote Desktop vs VPN on Windows 2003


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 19 Jan 2005 17:13:21 -0500

Quote from Charles Babbage, guy who invented the first computing
machine:
"...Propose to a man any principle, or an instrument, however admirable,
and you will observe the whole effort is directed to find a difficulty,
a defect, or an impossibility in it. If you speak to him of a machine
for peeling a potato, he will pronounce it impossible: if you peel a
potato with it before his eyes, he will declare it useless, because it
will not slice a pineapple."

-----Original Message-----
From: Conlan Adams [mailto:conlan () mebtc org] 
Sent: Wednesday, January 19, 2005 5:00 PM
To: Roger A. Grimes; security-basics () securityfocus com
Subject: RE: Remote Desktop vs VPN on Windows 2003

If Bank of America would have changed their default SQL port to
anything else, they would have never been touched by Slammer, suffered
the embarrassment, and had executives asking for accountability.  One
port change and the victims would have been heroes in their boss' eyes.

You miss a major point in this...
No matter what you do you're NEVER a hero.

Custom code would have to add...what???...:1435 (five
characters) to prevent every SQL scanning worm in existence.

Thing is, a five character code change, that breaks interaction with
other existing software in a company with thousands of interacting
programs, used by hundreds of thousands of employees, totaling millions
of lines of code that could be referencing these apps, and you want to
change five characters?!?!  Even if you ignore the programming and
interaction, think about the documentation and training headaches!
Sounds like your boss just told you to look for a new job.

Conlan Adams

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com]
Sent: Tuesday, January 18, 2005 10:25 PM
To: Danny Puckett; security-basics () securityfocus com
Subject: RE: Remote Desktop vs VPN on Windows 2003

If Bank of America would have changed their default SQL port to anything
else, they would have never been touched by Slammer, suffered the
embarrassment, and had executives asking for accountability.  One port
change and the victims would have been heroes in their boss' eyes.
