Re: Sasser author

[Harlan Carvey <keydet89 () yahoo com>]

Rodrigo,

Please go back and re-read my post...particularly:

"And yeah, I know about the dial-up and VPN issues,
but
there are designs that protect against infections
there, was well.
 
Perhaps after all these years of publishing "best
practices", maybe the victims would
stop...well...being victimized."

I know about this scenario...but what I'm saying about
infrastructure designs and "best practices" still
applies.  The scenario you outlined actually makes my
point...not having policies and "best practices" in
place is what keeps biting us in the butt, NOT the
worms and their authors.  And yes, I'm fully aware
that the security guy will say "...we should..." and
someone at the CxO level will say "no, it's too
inconvenient" or "too costly" or some other such
nonsense.  Been there, done that...

These worms are effective in the corporate
infrastructure b/c the people responsible for such
things allow them to be.  Universities are
different...protect the protectable as best as
possible, and let the students fend for themselves
(how about turning on the f/w in XP???).  


> 1) Company has firewalls and security stuff (and
> staff)
> 2) Manager has a notebook
> 3) Manager insist that his notebook should not be
> connected to a 
>    "low security" network segment, cause he wants to
> be on the same
>    network everyone else is, and once he is the
> boss, things will be
>    the way he wants
> 4) Manager forbids the instalation of any "stupid
> software that keeps
>    giving popups every time I want to access the
> internet" (Personal
>    Firewalls)
> 5) Manager connect with his notebook to the internet
> at home
> 6) Manager plugs his notebook back on the company
> network
>
>
> How often is this scenary ? I met it at least 3
> times during the
> Sasser infestantion alone.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html