Message-ID: <Pine.GSO.4.43.0307301715300.19774-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
>
> > Still the best defensive posture is taken at the entrance and exit points
> > as pertains to most all these 'services'. If the ports 135 and 1433 etc
> > are blocked, both tcp and udp protocols, then patching becomes far less
> > dramatic, even if a few machines inside get infected due to laptops or
> > what have you. when the flow on the wire for a segment
>
> Perimeter blocking is not everything.
> It's an important part of your security policy, but I think you're
> overstating that.
>
> Is it too difficult to write a worm which will spread through RPC DCOM (this
> is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You can
> have the best port blocking in the world and still be infected in a second.
Cool, perimeter security and forcing users to text only based e-mail
clients like e-mail was intended <grin>.
>
> The solution for this is long term improvement of security, strong security
> policies *AND* education.
Education works poorly. Educate your users and then 30 minutes later some
of them will go to their everything-AND-the-kitchen-sink desktop OS, click
on that same mass mailed exe you just told them not to click on, and
reopen the need to once again re-educate your userbase cycle. Of course 9
out of 10 times it's going to be one of the upper mgt folks that pushed
for the employee education project that does the uncondoned clicking of
that exe...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.