Full Disclosure mailing list archives
RE: Learn from history?
From: "Alerta Redsegura" <alerta () redsegura com>
Date: Thu, 6 May 2004 11:04:07 -0500
SMB generally aren't worried about running something like Windows Update automatically, other than the fact that it uses bandwidth that they are paying for.
Down here, most SMB use Internet flat-rate plans, whether it be Dial-up or cable. So that's not an issue. The issue here is *knowledge and awareness*, but not connection.
2. If a patch cannot be installed, find workarounds
That does not work with the workarounds customers need to facilitate life (security <> ease of use, remember)
Workarounds don't have a place in any sort of open user environment; they take too much time to deploy and impose too many problems on the end user and also need to be undone after the problem is fixed. Way way way too much work there.
In the case of a Windows-based network and excepting W98 and WME boxes, all updates and upgrades can be --and should be-- deployed from 1 machine. Workarounds generally have ultimately to do with registry modifications, which is just a matter of writing a script and deploying it. (Of course, after evaluating cost-benefit, testing, where *not* to install it, etc.)
3. If it is a port-related threat, find out if such ports are in use, and if not, make sure they are closed.
Once the virus is on the LAN it can do whatever it wants.
Hello! Block the ports BEFORE they hit the LAN. Proactive security. Also, do us a favor and don't propagate the shit!
What is all this rubbish about? Roughly 15% of all assets attached to networks around the world are unaccounted for!! So how are you meant to protect yourself against them? Example - firewall blocking all ports, someone comes in with a laptop that's infected and Bob's your uncle, you're left scratching your head wondering why your firewall didn't work. lmao, that, my friends, is the soft center that the black hat looks for!!
It is also a matter of well articulated policies.
Assumptions
----------------
1. You have an anti-virus/e-mail/content solution which updates signature files automatically from the Internet and deploys them automatically to all the boxes in the network, with central alerting capabilities.
2. You have a firewall solution at the point connecting to the Internet/other networks.
3. The laptop is infected with a worm that spreads through specific ports.
----------------
Now, someone comes in with a laptop that is infected and connects to the LAN. When it starts trying to infect external addresses, the firewall catches it. If it tries to infect local machines, the anti-virus software catches it. Supposing you have adequate alerting procedures in place, in both cases, the source of the infection is easy to detect.
Iñigo Koch
Red Segura
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
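The perimeter case described in the message above (an infected laptop on the LAN tries external addresses, the firewall denies the traffic, and alerting points to the source), sketched as an added example that is not part of the original post. The log format, the LAN range and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: perimeter firewall log in a hypothetical key=value format.
SAMPLE_LOG = "\n".join(
    [f"2004-05-06T10:01:{i:02d} action=deny src=192.168.1.57 "
     f"dst=203.0.113.{i} dport=445" for i in range(1, 7)]
    + ["2004-05-06T10:02:00 action=deny src=192.168.1.20 dst=198.51.100.7 dport=25",
       "2004-05-06T10:02:05 action=allow src=192.168.1.20 dst=198.51.100.8 dport=80",
       "2004-05-06T10:02:09 action=deny src=192.168.1.57 dst=192.168.1.20 dport=445",
       "garbage line that does not parse"]
)

LAN = ip_network("192.168.1.0/24")  # assumed internal address range
LINE = re.compile(r"action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")


def find_spreading_hosts(log_text, lan=LAN, min_targets=5):
    """Map (internal source, port) to the number of distinct external
    destinations the firewall denied, keeping only sources that reach
    min_targets. Many denied destinations on one port from one LAN host
    is the worm-like pattern the message says the firewall catches."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue  # skip lines that are not in the assumed format
        action, src, dst, dport = match.groups()
        try:
            src_ip, dst_ip = ip_address(src), ip_address(dst)
        except ValueError:
            continue  # skip malformed addresses
        # Only outbound denies: internal source, external destination.
        if action == "deny" and src_ip in lan and dst_ip not in lan:
            targets[(src, int(dport))].add(dst)
    return {key: len(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for (src, port), count in find_spreading_hosts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} external hosts denied on port {port}")
```

A single denied connection, such as the constructed mail attempt from 192.168.1.20, stays below the threshold and raises no alert.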