Open Source and information security mailing list archives
From: alerta at redsegura.com (Alerta Redsegura)
Subject: Learn from history?

> SMB generally aren't worried about running something like Windows Update
> automatically, other than the fact that it uses bandwidth that they are
> paying for.

Down here, most SMBs use Internet flat-rate plans, whether it be dial-up or
cable.
So that's not an issue. The issue here is *knowledge and awareness*, but not
connection.



> > >> 2. If a patch cannot be installed, find workarounds
> > >That does not work with the workarounds customers need to facilitate
> > >life (security <> ease of use, remember)
>
> Workarounds don't have a place in any sort of open user environment;
> they take too much time to deploy and impose too many problems on the end
> user and also need to be undone after the problem is fixed. Way way way
> too much work there.
>

In the case of a Windows-based network and excepting W98 and WME boxes, all
updates and upgrades can be --and should be-- deployed from 1 machine.
Workarounds generally have ultimately to do with registry modifications,
which is just a matter of writing a script and deploying it. (Of course,
after evaluating cost-benefit, testing, where *not* to install it, etc.)



> > >> 3. If it is a port-related threat, find out if such ports are
> > >> in use, and if not, make sure they are closed.
> > >Once the virus is on the LAN it can do whatever it wants.
> >
> > Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
> > Also, do us a favor and don't propagate the shit!
>
> What is all this rubbish about. Roughly 15% of all assets attached to
> networks around the world are unaccounted for!! So how are you meant to
> protect yourself against them. Example - firewall blocking all ports,
> someone comes in with a laptop that's infected and Bob's your uncle, you're
> left scratching your head wondering why your firewall didn't work. lmao
> that my friends is the soft center that the black hat looks for!!
>

It is also a matter of well-articulated policies.

Assumptions
----------------
1. You have an anti-virus/e-mail/content solution which updates signature
files automatically from the Internet and deploys them automatically to all
the boxes in the network, with central alerting capabilities.

2. You have a firewall solution at the point connecting to the
Internet/other networks.

3. The laptop is infected with a worm that spreads through specific ports.
----------------


Now, someone comes in with a laptop that is infected and connects to the
LAN.
When it starts trying to infect external addresses, the firewall catches it.
If it tries to infect local machines, the anti-virus software catches it.
Supposing you have adequate alerting procedures in place, in both cases, the
source of the infection is easy to detect.





Iñigo Koch
Red Segura
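
The alerting step described in the message above (the firewall catches the infected laptop's outbound attempts, and the source is then identified), as an added example that is not part of the original post. The log format, the LAN range 192.168.1.0/24, the port number and the fan-out threshold are all assumptions made for illustration; the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed firewall deny log; the line format is an assumption,
# not the output of any particular firewall product.
SAMPLE_LOG = """\
2024-01-01T09:14:01 DENY TCP 192.168.1.57:1045 -> 203.0.113.10:445
2024-01-01T09:14:01 DENY TCP 192.168.1.57:1046 -> 203.0.113.11:445
2024-01-01T09:14:02 DENY TCP 192.168.1.57:1047 -> 203.0.113.12:445
2024-01-01T09:14:02 DENY TCP 192.168.1.57:1048 -> 198.51.100.7:445
2024-01-01T09:14:03 DENY TCP 192.168.1.57:1049 -> 198.51.100.8:445
2024-01-01T09:14:03 DENY TCP 192.168.1.57:1050 -> 198.51.100.8:445
2024-01-01T09:14:09 DENY TCP 192.168.1.20:2201 -> 203.0.113.99:6667
2024-01-01T09:15:00 DENY TCP 203.0.113.50:4000 -> 192.168.1.5:445
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^\S+ DENY (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
LAN = ip_network("192.168.1.0/24")  # assumed internal address range


def find_spreading_hosts(log_text, threshold=5):
    """Return {(lan_host, dest_port): distinct_external_targets} for LAN
    hosts whose blocked outbound connections fan out to at least
    `threshold` different external addresses on a single port."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a deny record in the assumed format
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots, but not a valid address
        # Only LAN -> outside traffic points at an infected internal box.
        if src in LAN and dst not in LAN:
            fanout[(str(src), int(m["dport"]))].add(dst)
    return {k: len(v) for k, v in fanout.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (host, port), n in find_spreading_hosts(SAMPLE_LOG).items():
        print(f"ALERT: {host} blocked to {n} external hosts on port {port}")
```

Counting distinct destinations rather than raw denials keeps a single misconfigured client that retries one address from raising the alert.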

