Dailydave mailing list archives

Re: "The organization I belong to doesn't have initals"(that evil dude in Heroes)


From: Siim Põder <windo () p6drad-teel net>
Date: Tue, 14 Nov 2006 18:33:00 +0200

Yo!

Daniel wrote:
David: your IIS 6.0 is vulnerable to an unpublished, unknown
vulnerability
CSO: So what do we do David??
David: secure your network
CSO: How?
David: ????
CSO: Microsoft has no patch for this, they cannot help. I've paid you  
to do an assessment, what is the risk of the vulnerability versus the  
loss of business if I have to shut down our front-end trading system

That's the whole point of this discussion - imho - and it seems to me
you're not getting it (or it might be that I'm not getting it).

There is stuff you can (and should) do beyond patching known holes. You
never know whether there are unknown vulnerabilities in some part of your
system - so you could run your httpd in chroot, stripping its
privileges to the minimum and monitoring what it does. Then you could
isolate it on the network and firewall connections to and from it.

There's probably a bunch of other stuff any web server administrator would
do if he needed to reduce the risks of being exploited.


In the end the damage of the 0day is minimized - it might be full pwnage
of the whole network on one location, but a stripped down local shell
that gets the attacker blacklisted if abused on another location (and
that's the answer you should give to the CSO).

How far to go with it should be a business decision - if anyone could
effectively calculate the likelihood of all that shit actually hitting
any fans and the amount of shit sprayed around by it (if that was the
question you were raising, then accept this "oops" from me).

Siim Põder
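
The chroot-and-drop-privileges step mentioned in the message above, as an added example that is not part of the original post: a C routine a daemon would call as root once its listening socket and log files are open. The function name `confine` and the numeric uid/gid arguments are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: jail the calling process in `jail`, then drop to
 * uid/gid for good. Returns 0 on success, -1 with errno set at the first
 * failing step. chroot alone does not contain a root process, so the
 * privilege drop that follows is what makes the jail meaningful. */
int confine(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* never "drop" to root */

    if (chdir(jail) != 0) return -1;        /* enter the jail directory first */
    if (chroot(".") != 0) return -1;        /* requires root */
    if (chdir("/") != 0) return -1;         /* leave no cwd pointing outside */

    /* Order matters: supplementary groups, then gid, then uid.
     * Once the uid is dropped the first two calls would no longer work. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;        /* as root: real, effective, saved */

    /* Verify the drop cannot be undone and the ids are what was asked for. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s JAIL UID GID\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (confine(argv[1], uid, gid) != 0) {
        perror("confine");                  /* fail closed: do not serve requests */
        return 1;
    }
    puts("confined");
    return 0;
}
```

Any failure should abort startup rather than continue unconfined; the caller treats a non-zero return as fatal.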