Educause Security Discussion mailing list archives
Re: DHS --> Updated MS Advisory
From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Fri, 1 Aug 2003 15:01:44 -0500
Thanks for your detailed response. -----Original Message----- From: Omar Herrera [mailto:omar_herrera () BANXICO ORG MX] Sent: Friday, August 01, 2003 1:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] DHS --> Updated MS Advisory Blocking these ports on the perimeter of your network is necessary, we have done so as well without any repercussions. The problem with this vulnerability, however, is on the internal side of the network. Most of our students have laptops of their own, and it is not likely that all of them will patch them (hopefully many of them will). Suggesting students and professors to patch their own machines while we patch the servers is the best solution I can think of, because if a worm appears on the internet, several personal computers will be infected. The attack is not targeted at servers but rather at almost any windows machine, and personal computers will most likely be the ones getting infected. Dangerous scenario if a well programmed worm appears would be: a) students with unpatched machines connect to the internet from their homes and get infected b) the students then come to the university and they eventually connect to the internal network c) many other unpatched machines connected to the internal network get infected We just can't block these ports internally on all switches and routers because many MS windows applications rely on them, including file sharing over the network (if I remember correctly). In conclusion, my recommendations would be: a) block these ports on your perimeter firewall (this shouldn't affect OWA) b) patch your systems (make all proper tests before applying to critical servers) c) promote the patch among your community (post patch on your intranet and send warnings through printed publications on your campus) Omar Herrera, CISSP Instituto Tecnológico y de Estudios Superiores de Monterrey, Mexico City Campus Information security topic and laboratory -----Mensaje original----- De: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] En nombre de Barros, Jacob Enviado el: Viernes, 01 de Agosto de 2003 11:44 AM Para: SECURITY () LISTSERV EDUCAUSE EDU Asunto: Re: [SECURITY] DHS --> Updated MS Advisory DHS and Microsoft further suggest that Internet Service Providers and network administrators consider blocking TCP and UDP ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes. Can anyone say that they have done this and what are any reprocussions you've felt? I might be missing something in my research but is there any traffic on those ports that I might care about? Will this effect OWA? Jacob Barros Grace College and Seminary 574-372-5100 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- DHS --> Updated MS Advisory Bruhn, Mark S. (Jul 31)
- <Possible follow-ups>
- Re: DHS --> Updated MS Advisory Barros, Jacob (Aug 01)
- Re: DHS --> Updated MS Advisory Tim St. Laurent (Aug 01)
- Re: DHS --> Updated MS Advisory Gary Flynn (Aug 01)
- Re: DHS --> Updated MS Advisory Omar Herrera (Aug 01)
- Re: DHS --> Updated MS Advisory Barros, Jacob (Aug 01)
- Re: DHS --> Updated MS Advisory Bruhn, Mark S. (Aug 06)