Full Disclosure mailing list archives

Re: "MS Blast" Win2000 Patch Download


From: Dan Stromberg <strombrg () dcs nac uci edu>
Date: 14 Aug 2003 10:44:17 -0700

On Thu, 2003-08-14 at 10:09, Jeffrey A.K. Dick wrote:
> Brad Bemis wrote: "Personally I am getting tired of people making these
> kinds of comments.  ... While it may be true that blocking port 135 at the
> firewall would work in an ideal environment"
>
> Amen ... and ...forget about "ideal environment" ... it won't necessarily be
> effective in *any* environment except the
> "network-comprised-of-a-single-computer-that-nobody-uses" (tm). These people
> clearly haven't heard of notebooks and the concept of people using them
> outside the network (say, at home).

Microsoft+VPN works fine with these ports firewalled.  Nonmicrosoft
software is also fine, so your linux box with ximian makes a good
desktop that isn't affected, as is a Mac.  You have choices.  Or, at
least, your superiors do, despite many execs liking to pretend there
isn't anything in the world but microsoft.

> These are the same folks who patted themselves on the back all Monday night
> for protecting their networks ... until people started plugging their
> notebooks into the network on Tuesday morning ... oops ...

Agreed that firewalls are often ineffective, but that doesn't mean they
shouldn't be used.  I love the descriptiveness of firewalls as "a hard
crunchy shell with a soft, chewy center".  If you firewall -and- stay up
on your patches, then you're using a firewall effectively.  But many see
a firewall as an excuse for not patching.

-- 
Dan Stromberg DCS/NACS/UCI <strombrg () dcs nac uci edu>
