Firewall Wizards mailing list archives
Re[2]: Worms, Air Gaps and Responsibility
From: Paul Van Noord <paulvn () for-him net>
Date: Fri, 7 May 2004 06:16:45 -0400
5/7/04 6:12 AM

Hi Jim,

Is it not possible to run a script when a notebook connects to the LAN to check for the necessary security elements? If they are not there, either deny use of the LAN or lock the machine and add them before the user is allowed to use the LAN?

Paul Van Noord
Common Sen$e Consulting
paulvn () for-him net
=========== Original Message Below ===========
Received From: Jim Seymour jseymour () LinxNet com

Devdas Bhagat <devdas () dvb homelinux org> wrote:
On 06/05/04 10:34 -0400, Paul D. Robertson wrote:
[snip]
I understand where you're coming from, I'd just like to see us all make more coordinated and extensive efforts to revisit the "connectivity trumps all" mantra.

Let me ask a harder question: How do you get the horse to drink? Connectivity shows profits in the balance sheet. Security shows up as expenses. Lack of downtime does not show up.
I don't give management options. Or, more accurately, the only options I give them are ones with a level of security with which I'm comfortable. "Comfortable" == I take *personal* ownership of its functionality and its security, 24x7x365. If they should happen to discover, through no fault of my own, there's a "cheaper," less-secure way, and they want to force me to implement it: Fine. I'll do it. But when the wheels fall off (not "if," but "when"): Don't be callin' *me* in the middle of the night, over the weekend, or while I'm on vacation, cryin' about it.
[snip]
Note that having one cheap administrator dedicated to cleaning up viruses often works out cheaper than having an antivirus everywhere and kept up to date.
[snip]

My work domain isn't all that big, but even *I* can't agree with that. I've seen cases, on MS desktops/laptops, of viruses/worms/trojans or spyware that took literally *hours* and *hours* to eradicate. Just on one machine. Theoretically, one could image the "official desktop" and, when something really ugly like that reared its head, simply wipe the install and drop the new image on the box. Of course, when you've a typical environment, with everything from Win95 to WinXP Pro, and a mix of hardware that's even more varied, that's not practical.

Strong perimeter defense. Reasonable internal defenses where you can. (E.g.: At internal "border" points.) Strong user education. Shun typically exploit-prone client apps. Keep the A/V and spyware stuff up-to-date. Keep the patches up-to-date. That is the order in which I rate the importance of my defenses.

We've had one (1) get past us in the last five years. No, make that two. The first was imported the good old way: On a floppy or a CD-ROM, from a trusted partner firm. The person who let it into his computer didn't like to run A/V software. (That problem has been solved.) It didn't get far at all.

The second, more recent, was MyDoom. That was *pure* happenstance. It came in .zip file form, it came from somebody somebody knew, *and* the target at work was expecting an emailed attachment from that specific person. It didn't get far, either. (Luckily, it arrived late. Most of its internal targets had shut-down/logged-off for the afternoon. I was able to stop it in its tracks by the simple expedient of killing smtpd and pop*d, sanitizing the mail spool and then putting up the appropriate internal filters before firing-up the daemons again. Lucked-out on that one, I did ;).)
--
Jim Seymour                 | Spammers sue anti-spammers:
jseymour () LinxNet com     |     http://www.LinxNet.com/misc/spam/slapp.php
http://jimsun.LinxNet.com   | Please donate to the SpamCon Legal Fund:
                            |     http://www.spamcon.org/legalfund/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards