RE: "MS Blast" Win2000 Patch Download

["James Patterson Wicks" <pwicks () oxygen com>]

I guess we just have a diferent approach to laptops and the corporate environment than others.  The only way a laptop 
can be plugged into our network is if it has been cleard by the IS department.  The MAC are recorded, and only recorded 
MAC can gain network access (Yes someone can spoof a MAC, but if a person savy enough to do that has physical access to 
the network, you had better have good monitoring in place).  Each user-owned laptop has to meet certain criteria as far 
as software firewall and anti-virus software is concerned.  Since we issue most of the laptops to our users, they only 
have restricted accounts and cannot disable the firewall or antivirus software.  Even those with administrator access 
need a password to uninstall or disable the software.  Corporate security is an ever-changing, politically-challenged 
world to live in.  The bottom line is always the dollar.  When you have to expend extra resources to combat every new 
threat to security because of a lax se!
 curity policy, you should document the real dollars associated with fighting the threat.  A VP sends a virus to the 
whole company because he let his kid use AOL on his laptop on the weekend?  Send his department the charge back for the 
clean up effort.  We did it here, and would be amazed at how seriously departments regarded network security after 
that. 



-----Original Message----- 
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Thursday, August 14, 2003 2:56 PM 
To: James Patterson Wicks 
Cc: full-disclosure () lists netsys com 
Subject: Re: [Full-disclosure] "MS Blast" Win2000 Patch Download 


On Thu, 14 Aug 2003 13:15:19 EDT, James Patterson Wicks <pwicks () oxygen com>  said: 

>  If the environment is so bad that you cannot even do that, then you should 
> be surfing Monster.com for a new job rather than ranting at people on this 
> forum for offering sound suggestions to combat the problem. 

Well, the reason it attracted the rant was because the rant was right on point. 

> > It's probably worth mentioning even more that if you have 
> > port 135 bocked on your firewall, you wouldn't have to worry 
> > about it :( 

The point is that you *DO* still have to worry about it. 

I'm glad to see that both the author of this quote (attribution lost, orry) and 
yourself, in your national enterprise that blocks port 135 at the border, has 
managed to implement *strict* security on laptops, guaranteeing that no machine 
ever connects to an outside network and then to an inside one in such a way as 
to possibly bring something in. 

There was mention made on one of the other lists that a site *HAD* blocked 135 
at the border before the worm even made an appearance, and were congratulating 
themselves on their foresight.  Two whole hours later, they were fighting an 
outbreak inside their network. 

Remember - all it takes is *ONE* laptop.... 



This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is 
addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. 
Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient 
is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to 
postmaster () oxygen com and destroy all electronic and paper copies of this e-mail.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html