Message-ID: <Pine.GSO.4.43.0307301715300.19774-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)

>
> > Still the best defensive posture is taken at the entrance and exit points
> > as pertains to most all these 'services'.  If the ports 135 and 1433 etc
> > are blocked, both tcp and udp protocols, then patching becomes far less
> > dramatic, even if a few machines inside get infected due to laptops or
> > what have you.  when the flow on the wire for a segment
>
> Perimeter blocking is not everything.
> It's an important part of your security policy, but I think you're
> overstating that.
>
> Is it too difficult to write a worm which will spread through RPC DCOM (this
> is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You can
> have the best port blocking in the world and still be infected in a second.


Cool, perimeter security and forcing users to text only based e-mail
clients like e-mail was intended <grin>.

>
> The solution for this is long term improvement of security, strong security
> policies *AND* education.

Education works poorly.  Educate your users and then 30 minutes later some
of them will go to their everything-AND-the-kitchen-sink desktop OS, click
on that same mass mailed exe you just told them not to click on, and
reopen the need to once again re-educate your userbase cycle.  Of course 9
out of 10 times it's going to be one of the upper mgt folks that pushed
for the employee education project that does the uncondoned clicking of
that exe...


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
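The quoted advice in this message (block 135 and 1433, tcp and udp, at both the entrance and exit points) is easy to state and easy to get subtly wrong in an ordered ruleset. The following is an added example, not code from this thread or from anyone posting in it: a small Python checker that models a first-match filter policy (an assumption about the firewall's semantics), reports which of the recommended blocks are missing or shadowed by an earlier accept, and renders the missing ones as iptables commands. The rule model, the sample policy and its two deliberate gaps are all constructed for illustration.

```python
"""Audit a perimeter filter policy for the port blocks recommended in the thread.

Constructed example (not code from the Full-Disclosure thread): a tiny model of an
ordered, first-match ruleset, a checker that reports which of the recommended blocks
(135 and 1433, tcp and udp, ingress and egress) are not enforced, and a renderer
that prints the missing rules in iptables syntax.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (traffic entering the segment) or "out" (leaving it)
    proto: str      # "tcp" or "udp"
    port: int       # destination port
    action: str     # "drop" or "accept"


# The thread's recommendation: block 135 (RPC endpoint mapper) and 1433 (MS SQL)
# at the perimeter, both protocols, both directions.
BLOCKED_PORTS = (135, 1433)
REQUIRED_BLOCKS = frozenset(
    (direction, proto, port)
    for direction in ("in", "out")
    for proto in ("tcp", "udp")
    for port in BLOCKED_PORTS
)


def decide(rules: Iterable[Rule], direction: str, proto: str, port: int) -> str:
    """First-match evaluation (assumed semantics): the first rule whose direction,
    protocol and port match decides; no matching rule means the default, accept."""
    for r in rules:
        if (r.direction, r.proto, r.port) == (direction, proto, port):
            return r.action
    return "accept"


def find_gaps(rules: list[Rule]) -> set[tuple[str, str, int]]:
    """Return the required blocks the policy does not enforce: either there is no
    matching drop rule at all, or the drop is shadowed by an earlier accept."""
    return {key for key in REQUIRED_BLOCKS if decide(rules, *key) != "drop"}


def as_iptables(direction: str, proto: str, port: int) -> str:
    """Render one block as an iptables command (INPUT for ingress, OUTPUT for egress)."""
    chain = "INPUT" if direction == "in" else "OUTPUT"
    return f"iptables -A {chain} -p {proto} --dport {port} -j DROP"


# Constructed sample policy with two mistakes: 135/udp is never blocked on egress,
# and an accept for 1433/tcp ingress precedes its drop, so the drop never fires.
SAMPLE_POLICY = [
    Rule("in", "tcp", 135, "drop"),
    Rule("in", "udp", 135, "drop"),
    Rule("out", "tcp", 135, "drop"),
    Rule("in", "tcp", 1433, "accept"),   # shadows the drop on the next line
    Rule("in", "tcp", 1433, "drop"),
    Rule("in", "udp", 1433, "drop"),
    Rule("out", "tcp", 1433, "drop"),
    Rule("out", "udp", 1433, "drop"),
]


if __name__ == "__main__":
    for key in sorted(find_gaps(SAMPLE_POLICY)):
        print("not enforced:", as_iptables(*key))
```

Running the block against the sample policy reports the egress 135/udp block as missing and the ingress 1433/tcp block as shadowed; adding the missing rule, or moving the accept below the drop, clears the corresponding finding. The same checker runs against any ruleset expressed in the `Rule` model, which is what makes it useful as a regression check after a policy change.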

