Full Disclosure mailing list archives
RE: Re: Microsoft Security, baby steps ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 18 Mar 2004 23:13:42 +1300
"Full-Disclosure" <fd () weevers net> wrote:
> In a corporate environment, you will have SUS or SMS running. If so, no need for internet access.

But, need for general network access to get to those machines, thereby breaking the "no general network access until secure" rule. You could have a second SUS/SMS setup mirroring the configs off the general network ones and only allow that to synch off the general one when the test/setup network is not being used for anything else _and_ no "unfinished" boxes are attached to the test/setup network. Also, in other "institutional" environments that are not strictly "corporate" that distinction can be _very_ hard to meet for such a setup (e.g. universities and the like).

> If you don't have this, just place a firewall on the box, or before the box. How hard can this be? You do it the same way, as you would do before you would patch debian/*bsd/gentoo/etc/etc/etc.

Yeah, yeah. It's easy to decide the level of exposure _you_ are comfortable with and I was not saying that everyone should do it that way, just that that was a valid set of restrictions to have to work under.

> There is no real problem here. Don't blame Microsoft if you can't come up with solutions to simple security "problems".

I was not blaming them for that. I was blaming them for their own failure (much like yours) to think outside their own level and realm of experience and/or their failure (much like yours) to acknowledge that there could be situations where the solution they were comfortable with was not acceptable. Think outside the box dude -- oh wait, it seems you cannot see it, so I guess that is asking too much of you...

Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html