Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals"(that evil dude in Heroes)
From: Siim Põder <windo () p6drad-teel net>
Date: Tue, 14 Nov 2006 18:33:00 +0200
Yo!

Daniel wrote:

> David: your IIS 6.0 is vulnerable to an unpublished, unknown vulnerability
> CSO: So what do we do David??
> David: secure your network
> CSO: How?
> David: ????
> CSO: Microsoft has no patch for this, they cannot help. I've paid you to do an assessment, what is the risk of the vulnerability versus the loss of business if I have to shut down our front-end trading system

That's the whole point of this discussion - imho - and it seems to me you're not getting it (or it might be that I'm not getting it). There is stuff you can (and should) do beyond patching known holes. You never know whether there are unknown vulnerabilities in some part of your system - so you could run your httpd in a chroot, stripping its privileges to the minimum and monitoring what it does. Then you could isolate it on the network and firewall connections to and from it. There's probably a bunch of other stuff any web server administrator would do if he needed to reduce the risks of being exploited.

In the end the damage of the 0day is minimized - it might be full pwnage of the whole network in one location, but a stripped down local shell that gets the attacker blacklisted if abused in another location (and that's the answer you should give to the CSO). How far to go with it should be a business decision - if anyone could effectively calculate the likelihood of all that shit actually hitting any fans and the amount of shit sprayed around by it (if that was the question you were raising, then accept this "oops" from me).

Siim Põder
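The post's advice is that a service should run with the minimum privileges and inside a chroot so that an unknown bug yields as little as possible. An administrator also needs to verify that this is actually what is running, since a hardening step that silently did not apply is worth nothing. The following audit script is an added example and not part of the post or the thread: it reads the `Uid`, `Gid` and `CapEff` fields of `/proc/<pid>/status` and the `/proc/<pid>/root` link on Linux and reports every deviation from a policy of "unprivileged user, only the capabilities we allow, confined to a chroot". The function names, the policy, and the two embedded sample `status` texts are constructed for the example; the capability bit numbers are those of `<linux/capability.h>`.

```python
"""Check whether a service process really runs with the reduced privileges
we intended (added example; Linux-only, assumes nothing beyond /proc)."""
import os

# Subset of Linux capability bit numbers (from <linux/capability.h>).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 6: "CAP_SETGID", 7: "CAP_SETUID",
    10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
}

# Constructed sample /proc/<pid>/status excerpts (not captured from a real host).
ROOT_SAMPLE = "Name:\thttpd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
HARDENED_SAMPLE = "Name:\thttpd\nUid:\t33\t33\t33\t33\nGid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n"


def parse_status(text):
    """Return real uid, real gid and the effective capability mask from status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return {
        "uid": int(fields["Uid"].split()[0]),   # first column is the real uid
        "gid": int(fields["Gid"].split()[0]),
        "cap_eff": int(fields["CapEff"], 16),   # hex bitmask of effective caps
    }


def caps_from_mask(mask):
    """Expand a capability bitmask into names (unknown bits become CAP_<n>)."""
    names = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES.get(bit, f"CAP_{bit}"))
        bit += 1
    return names


def audit(status_text, root_link, allowed_caps=()):
    """Compare one process against the policy; an empty list means it complies."""
    info = parse_status(status_text)
    findings = []
    if info["uid"] == 0:
        findings.append("runs as uid 0: any bug in the service hands out root")
    if info["gid"] == 0:
        findings.append("runs with gid 0")
    extra = [c for c in caps_from_mask(info["cap_eff"]) if c not in allowed_caps]
    if extra:
        findings.append("effective capabilities beyond policy: " + ", ".join(extra))
    if root_link == "/":
        findings.append("not chrooted: the whole filesystem is reachable")
    return findings


def audit_pid(pid, allowed_caps=()):
    """Audit a live process by pid (requires permission to read its /proc entry)."""
    with open(f"/proc/{pid}/status") as f:
        text = f.read()
    return audit(text, os.readlink(f"/proc/{pid}/root"), allowed_caps)


if __name__ == "__main__":
    # Audit this very process as a demonstration; a real run would take the
    # pid of the web server and the capability set its unit file grants.
    for finding in audit_pid(os.getpid(), allowed_caps=("CAP_NET_BIND_SERVICE",)):
        print("FINDING:", finding)
```

Run against the web server's worker pid from a cron job or a monitoring agent; any finding means the "stripped down local shell" outcome the post describes is not what an attacker would actually get. The `allowed_caps` tuple is the place to encode the one or two capabilities a listener legitimately needs, such as binding a low port.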