[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1060883057.6903.1571.camel@tesuji.nac.uci.edu>
From: strombrg at dcs.nac.uci.edu (Dan Stromberg)
Subject: "MS Blast" Win2000 Patch Download
On Thu, 2003-08-14 at 10:09, Jeffrey A.K. Dick wrote:
> Brad Bemis wrote: "Personally I am getting tired of people making these
> kinds of comments. ... While it may be true that blocking port 135 at the
> firewall would work in an ideal environment"
>
> Amen ... and ...forget about "ideal environment" ... it won't necessarily be
> effective in *any* environment except the
> "network-comprised-of-a-single-computer-that-nobody-uses" (tm). These people
> clearly haven't heard of notebooks and the concept of people using them
> outside the network (say, at home).
Microsoft+VPN works fine with these ports firewalled. Nonmicrosoft
software is also fine, so your linux box with ximian makes a good
desktop that isn't affected, as is a Mac. You have choices. Or, at
least, your superiors do, despite many execs liking to pretend there
isn't anything in the world but microsoft.
> These are the same folks who patted themselves on the back all Monday night
> for protecting their networks ... until people started plugging their
> notebooks into the network on Tuesday morning ... oops ...
Agreed that firewalls are often ineffective, but that doesn't mean they
shouldn't be used. I love the descriptiveness of firewalls as "a hard
crunchy shell with a soft, chewy center". If you firewall -and- stay up
on your patches, then you're using a firewall effectively. But many see
a firewall as an excuse for not patching.
--
Dan Stromberg DCS/NACS/UCI <strombrg@....nac.uci.edu>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030814/21e409ea/attachment.bin
Powered by blists - more mailing lists