RE: Code Red: What security specialist don't mention in warnings

[mark.wiater () alexus com]

Excellent point Frank. No web server should ever have to generate a
connection outside the local network.

I'd also like to point out another. More common sense and supports defense
in depth. 

Turn off unneeded or unused services. That includes index server in this
case.

I've found it to be another effective measure in securing the enterprise...

Mark

(Another concerned netizen)


> So may I take the opportunity to recommend the following:
>
> a) Download and install the patch from Microsoft (available at
> http://www.microsoft.com/technet/security/bulletin/MS01-033.asp).
>
> b) In addition, review your firewall rules and make sure your 
> web server can not establish connections to the Internet. If you have not 
> protected your web server with a firewall, this worm may give you another 
> incentive to do so.
>
> There are certainly other steps and precautions that can be 
> taken. However, above are the most effective in regards to the Code Red
worm.
> Recommendation b) extends the original advisories and 
> recommendations to a second level. This is 'Defense in Depth'. If one 
> countermeasure (the patch) fails, the second countermeasure (the firewall)
will still 
> prevent the worm from spreading. 
>
> 'Defense in Depth'. This is how security should be done. Protect your
> systems with multiple layers of defense. Review and reconfigure your
> firewall now.
>
>
> Sincerely,
> Frank Knobbe
> (concerned netizen)
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards