Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 12 May 2004 13:51:55 -0400 (EDT)

On Wed, 12 May 2004, Claussen, Ken wrote:

> Paul,
> Even Cisco is not immune to the exploits.

My point was that given the platform's ubiquity, we hadn't seen a worm-
that doesn't mean it's not possible to do one, it means that it's not a
given that ubiquity equates to common and automatic malcode exploitation.

In fact, the point that we've had Cisco exploits in the past simply
underlines the fact that ubiquity isn't the only driver for mass malcode
exploits.

> I have read several mentions of issues with corporate desktops and no
> one has mentioned the use of Group Policy through AD to control which
> EXEs are allowed to run by a user. This is one of the best methods to
> stop malicious code at the desktop level. While it may be painful to
> set up initially it is effective in many cases. In order to bypass this,
> malicious code would need to use an "approved" EXE to launch itself.
> This raises the bar significantly.
> Ken

Indeed, Wes used to evangelically espouse using ISA server to do much the
same thing for Internet stuff.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation