Security Basics mailing list archives

RE: Remote Desktop vs VPN on Windows 2003


From: "Conlan Adams" <conlan () mebtc org>
Date: Wed, 19 Jan 2005 17:00:02 -0500

If Bank of America would have changed their default SQL port to anything else, they would have never been touched by Slammer, suffered the embarrassment, and had executives asking for accountability. One port change and the victims would have been heroes in their boss' eyes.

You miss a major point in this...
No matter what you do you're NEVER a hero.

Custom code would have to add...what???...:1435 (five characters) to prevent every SQL scanning worm in existence.

Thing is, a five character code change, that breaks interaction with
other existing software in a company with thousands of interacting
programs, used by hundreds of thousands of employees, totaling millions
of lines of code that could be referencing these apps, and you want to
change five characters?!?!  Even if you ignore the programming and
interaction, think about the documentation and training headaches!
Sounds like your boss just told you to look for a new job.

Conlan Adams

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com] 
Sent: Tuesday, January 18, 2005 10:25 PM
To: Danny Puckett; security-basics () securityfocus com
Subject: RE: Remote Desktop vs VPN on Windows 2003

If Bank of America would have changed their default SQL port to anything else, they would have never been touched by Slammer, suffered the embarrassment, and had executives asking for accountability. One port change and the victims would have been heroes in their boss' eyes.
