Message-ID: <BB7138A6.3DFC%dbounds@intrusense.com>
From: dbounds at intrusense.com (Darren Bounds)
Subject: JAP back doored
Good afternoon,
In my experience it can be significantly more challenging to defend a large
enterprise than to defend a small-medium sized enterprise for a number of
reasons.
First of all, your typical Fortune 500 company is generally going to be a
larger and much more complicated infrastructure. As such, you must tread
softly when making changes so as not to upset the complex mesh of
interdependencies that exist. More often than not, even the slightest change
could have dire consequences if not tested thoroughly or communicated to the
necessary business units. I know of several companies who patched the DCOM
vulnerability relatively quickly, only to meet with connectivity issues due
to new port requirements and no firewall policy to support it.
Secondly, you have the bureaucracy. An example of which could be the change
management policies. Administrators, developers and analysts share a small
window of opportunity to make changes each week. These changes have to be
evaluated for possible conflicts and prioritized with the understanding
that your patch requirements may have to take a back seat to enhancements
or a resolution to an existing problem.
Finally, you shouldn't assume the size of the company will reflect the skill
level of its employees. Fortune 500 companies have just as much chance of
hiring the 'right' person as anyone. In fact, since it's fairly common for
them to offer a smaller salary in exchange for stability and benefits, one
could assume that in a number of cases, they may have slightly less chance.
Remember, it takes much less effort to turn a rowboat than it takes to turn
an aircraft carrier.
Thanks,
Darren Bounds
Security Consultant
Information Security Services
Intrusense LLC.
--
Intrusense - Securing Business As Usual
> From: "morning_wood" <se_cur_ity@...mail.com>
> To: <full-disclosure@...ts.netsys.com>
> Subject: Re: [Full-Disclosure] JAP back doored
> Date: Mon, 25 Aug 2003 10:02:50 -0700
>
>> Do you think this is a realistic scenario ? I'm not sure
> hmm, criminals using hacked computers as proxy??
> I'm sure that never happens. and I'm pretty everyone
> can prove and tell they have been hacked, hah
> with the recent rpc-dcom exploit, as proved here
> even Fortune 500 company admins can't secure
> their systems or even know they've been compromised.
> I'm sure that never happens.... open your eyes
>
>
> wood
>
>