NIMDA, how to stop it

[aryoung () veros com (Alan Young)]

speaking of NIMDA, as a general recommendation, what would you all recommend
as an effecive firewall setup to stop NIMDA?

Can I stop NIMDA with just a PIX? Or do I need some sort of other "virus
firewall" in addition to our PIX?

Please forgive my ignorance, I cant search the archives (the search function
is broken) so I dont know if this has been asked before.

I am sure I must be missing some fundamental firewall knowledge, I suppose
there are some good books on this topic???

Alan Young


> -----Original Message-----
> From: firewall-wizards-admin () nfr com
> [mailto:firewall-wizards-admin () nfr com]On Behalf Of Behm, Jeffrey L.
> Sent: Thursday, January 03, 2002 3:05 PM
> To: firewall-wizards () nfr net
> Subject: RE: [fw-wiz] The Morris worm to Nimda, how little
> we've learned
> or gained
>
>
> > At the very least, jobs should be on the line when companies are
> compromised by code
> > that could have long been prevented by patching of
> applications and OS's,
> > especially when those patches have been widely available and publicly
> > announced.  Even an arson victim faces penalties if they
> have violated
>
> I agree with your article as a whole, but take minor
> exception to the above
> paragraph.
>
> Is the job on the line if there are no or very little
> resources available to
> test the patches?
> I don't think you aren't suggesting blind application of all security
> related patches released from a given vendor, so how does one
> decide which
> are the "real" ones to apply, and which are the "ones we
> don't really need."
> It's the old adage of "apply patches and take a chance of breaking
> something" vs. "don't apply the patch until you are sure you
> need it" (but
> how are you "sure"?)
>
> I.E. Is my job on the line if I apply a patch and it causes
> more damage (due
> to my own corporate implementation) than the issue it was
> supposed to fix?
>
> I will give you that there are some patches that one should
> apply due to the
> severity of the consequences of not applying it (BIND, Sendmail, and
> others). My point is that if the company is not willing to provide the
> resources (time, hardware, people) needed to properly test
> the patch(es),
> the job should not be "on the line."
>
> A minor point, perhaps, but with the lack of skilled security
> admins, and
> unwillingness of companies to provide adequate resource to security
> infrastructure (including patch testing), I don't think all
> the blame lies
> on the ones that "should have known the patches needed to be applied."
>
> IMHO (and no flame nor offense intended!),
> Jeff
>
> Statements made are my personal opinion and in no way reflect
> the views of
> any company, corporation, or business.
>
> > -----Original Message-----
> > From: R. DuFresne [mailto:dufresne () sysinfo com]
> > Sent: Thursday, January 03, 02 3:11 AM
> > To: firewall-wizards () nfr net
> > Subject: [fw-wiz] The Morris worm to Nimda, how little we've
> learned or
> > gained
> >
> >
> >
> >
> >                     The Morris worm to Nimda
> >                how little we've learned or gained
> >
> >
> >                                   by:  Ron DuFresne
> >                                          (c) 2001
> >
> >
> >
> >
> > 2001 was a tumultuous year.  Prior to the September 11 airline
> > attacks on
>
> <snip>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards