Full Disclosure mailing list archives
Re: Re: Microsoft Security, baby steps ?
From: Valdis.Kletnieks () vt edu
Date: Wed, 17 Mar 2004 13:00:32 -0500
On Wed, 17 Mar 2004 16:19:36 GMT, Jos Osborne <Jos () meltemi co uk> said:
It doesn't address the issue. The requirement is that some MS customers need to patch without putting the machine on the internet. For whatever reasons. Is that such an unreasonable request? Geo.
Sorry to sound incredibly dense, but if the machine in question is never being connected to a network does it really need securing/patching?
Yes, it does. Unless you have physical security in place to guarantee that *all* access is from trusted users, you need to patch the box. 1) It may be going on a *corporate* network that doesn't have direct *internet* connectivity. 2) Such things as standalone multiuser machines *do* exist - they need to be secured as well. Similarly for standalone boxes in non-secured locations - consider the case of a PC-based cash register in a store...
Attachment:
_bin
Description:
Current thread:
- Re: Re: Microsoft Security, baby steps ?, (continued)
- Re: Re: Microsoft Security, baby steps ? Geoincidents (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Simon Richter (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)
- RE: [inbox] Re: Re: Microsoft Security, baby steps ? Curt Purdy (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Jeremiah Cornelius (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Valdis . Kletnieks (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Geo. (Mar 17)
- Re: Re: Microsoft Security, baby steps ? Valdis . Kletnieks (Mar 17)
- RE: Re: Microsoft Security, baby steps ? Nick FitzGerald (Mar 18)