Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Claussen, Ken" <Ken () kccweb com>
Date: Wed, 12 May 2004 11:04:05 -0400
Paul,

Even Cisco is not immune to the exploits.
http://www.enterprisenetworksandservers.com/monthly/art.php/290

While this was patched quickly by ISPs and others, it did cause intermittent outages across the Internet for a period of time (several days). Excerpt from article:

"On Wednesday, July 16, 2003, Cisco Systems published an advisory warning that Cisco IOS - the operating software of the most widely used routers and switches in the world - was carrying a vulnerability that could put any unprotected IOS device out of order. Two days later, an "exploit" was published on a public mailing list, where hackers explained in detail how to reproduce the very packet sequence that would allow anyone to "exploit" the vulnerability and bring any unprotected device down."

Then there was the Nimda worm, which affected Cisco Cable Modem devices (800 Series); while not critical infrastructure, this disrupted many households' Internet access.

I think it is fair to say any OS has had its share of vulnerabilities over the years (some more than others in terms of numbers, but that does not necessarily account for the severity). A good share of these have allowed remote execution of code (System=Owned). Some historical examples: Sadmind for Solaris, Rootkits for Unix taking advantage of Portmapper flaws, Nimda/CodeRed and Slammer for MS. There are many others; these are just some off the top of my head. To say that any one of these is worse than the other is simply favoritism, as they all allowed Root/Administrator access to the system.

I have read several mentions of issues with corporate desktops, and no one has mentioned the use of Group Policy through AD to control which EXEs are allowed to run by a user. This is one of the best methods to stop malicious code at the desktop level. While it may be painful to set up initially, it is effective in many cases. In order to bypass this, malicious code would need to use an "approved" EXE to launch itself. This raises the bar significantly.

Ken

-----Original Message-----
From: Paul D. Robertson [mailto:paul () compuwar net]
Sent: Monday, May 10, 2004 2:49 PM
To: Erick Mechler
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Worms, Air Gaps and Responsibility

On Mon, 10 May 2004, Erick Mechler wrote:

> I bet you'd see the same sort of behavior from worms no matter what OS
> the World's critical infrastructures were to run. If they ran *NIX, you'd
> see more worms targeting those OSs. There's something to be said for
> heterogeneous computing environments.

Funnily enough, I don't recall a Cisco IOS worm with any traction...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards