Security Incidents mailing list archives
RE: Possible method to prevent spread of CodeRed and other similar worms
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 1 Aug 2001 13:34:25 -0500
-----Original Message-----
From: dave.goldsmith () intelsat com [mailto:dave.goldsmith () intelsat com]
Sent: Wednesday, August 01, 2001 12:48 PM
To: incidents () securityfocus com

Is there normally any reason for a web server to initiate OUTBOUND connections to the Internet? If not, why not block such outbound packets?

Dave, you're right on. That's exactly the reason I wrote a small article yesterday. Apparently SecurityFocus decided not to publish it to the list. It went along the lines that everyone (incl. CERT, SANS, etc.) only focuses on the patch, and completely neglects to mention other preventive measures, like blocking outbound connections from the web server. (There are exceptions, like payment processing systems, DNS in some cases, HIDS, but the idea of limiting outbound access is something most everyone did not include in their bulletins.)

Good security is multi-layered security. Level 1 is the patch, level 2 is the firewall rules you mentioned.

Regards,
Frank

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
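
An added example, not part of the original message or the list archive: a check of flow records against the kind of outbound policy discussed above, where connections the web server initiates are denied unless they match a listed exception. The address ranges, the `Flow` record layout and the sample flows are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    """First packet of a flow as a firewall might log it (assumed layout)."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    flags: str   # TCP flags on the first packet seen, "" for UDP

# Constructed values: the web server DMZ range and the permitted exceptions.
WEB_SERVERS = ipaddress.ip_network("192.0.2.16/28")
ALLOWED_EGRESS = [
    (ipaddress.ip_network("198.51.100.10/32"), "tcp", 443),  # payment processor
    (ipaddress.ip_network("192.0.2.53/32"), "udp", 53),      # DNS resolver
]

def server_initiated(flow: Flow) -> bool:
    """True when a web server opens the connection rather than answering one."""
    if ipaddress.ip_address(flow.src) not in WEB_SERVERS:
        return False
    if flow.proto == "tcp":
        # SYN without ACK starts a connection; SYN/ACK is a reply to a client.
        return "S" in flow.flags and "A" not in flow.flags
    return True  # UDP has no handshake: treat the first packet as initiation

def allowed(flow: Flow) -> bool:
    """True when the destination matches one of the listed exceptions."""
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net and flow.proto == proto and flow.dport == port
               for net, proto, port in ALLOWED_EGRESS)

def egress_violations(flows):
    """Flows the outbound rule set would drop and should alert on."""
    return [f for f in flows if server_initiated(f) and not allowed(f)]

# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "192.0.2.20", "tcp", 80, "S"),      # inbound client request
    Flow("192.0.2.20", "203.0.113.7", "tcp", 51544, "SA"),  # server's reply to it
    Flow("192.0.2.20", "198.51.100.10", "tcp", 443, "S"),   # payment exception
    Flow("192.0.2.20", "192.0.2.53", "udp", 53, ""),        # DNS exception
    Flow("192.0.2.20", "203.0.113.99", "tcp", 80, "S"),     # server opens a connection out
]

if __name__ == "__main__":
    for f in egress_violations(SAMPLE_FLOWS):
        print("blocked outbound:", f)
```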