Message-ID: <Pine.GSO.4.43.0403051100060.15098-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Re: E-Mail viruses

On Thu, 4 Mar 2004, Earl Keyser wrote:

> As one method of dealing with these -
>
> 1. We use the Draconian technique of stripping all .exe .zip .gif .jpg
> .scr .bat .pif files.
> Inconvenient for some, life saver for others. For files that MUST be
> sent, we use an alternate route - not network e-mail

Very draconian in today's world, and not productive by the way some folks do the work they have to do with limited capabilities these days. It seems that we might as well revert back to only allowing e-mail in plain text, and I'm certainly not totally averse to this myself, but, I'm willing to bet that the fallout of pushing this to the masses at large. Can I in some of the networks I manage get away with forcing text only e-mails and blocking all zip files at the perimeter, sure, and I could quell the complaints pretty quickly, in some of the other larger envs I manage, I'd have to resort to the painful application of advanced larting to quell the outcry at the server room drawbridge. And still I'd affect the ability of many to do their assigned tasks... Far better if I can just block out sites from sending through my mail servers those prone to spam and those outright infected with one or more trojans and viruses. I can do this more effectively if I have a system that can authenticate at some level the sender's address and the sending mail relay. If I have to blindly accept easily verified spoofed addresses, then my tasks are far tougher and rely upon more draconian measures that are sooner or later going to ruffle a manager at a high enough level that I'll end up having to just let it all pass and sort the mess at the desktops...

Of course I could just toss my hands in the air and complain cause nothing proposed is perfect, and deal with the status quo, without offering something else to the mixed crowd for review <right Nick?>... So, is it two steps backwards and move from there or just stand here and take it and proceed as we are now? Or do we look at possible ways to sidestep enough to reduce the onslaught to a tide one might reasonably manage?

> 2. We use McAfee EPO to push out updated dats daily.
>

Keeping anti-virus products up to date is like playing the patch-up game, it's overly reactive and allows too large a window of compromise. Additionally it's resource intensive and only fattens the pocket books of the vendors in this space. Remember it took 4 patches to fix the issues that slammer sploited, and the last and final patch in that muster fluck was only really released approximately about 30 days prior to sploit, and many that were patched and protected got that undone at or shortly after sploit release and never knew due to dll levels released in various addon apps to their systems <this remains a major headache to this day, and not just in the windows arena>...

> 3. We forbid all users from bringing in foreign machines and plugging
> them in, since internal security is not as good as external security.
>

But, there are ways in still that are hard to monitor, even with a .edu that might well scan all students for potential firearms and weapons; floppies, cdroms, USB keydrives...

> 4. We send out reminders fairly often about safe usage.
>

Users in the future are either going to be more technically savvy and aware, <to help guard their own systems and privacy and to plain get work done> or have applications and OS' so user friendly that errors are not easy to implement due to enhancements in the tools used <far less likely as this technology is still so new and we all want to retain capabilities we probably really don't need, but, are not willing to give up, kinda like the revert to text e-mails statements above>. But teaching old dogs is never as effective as bringing up the new dogs with the traits from ground up.

> 4. We have a PIX, an IDS and me to monitor things.
>

And enforce egress as well as ingress filtering, correct? Many of today's issues are not as easily caught looking from the perimeter out, one has to see what flows from inside out as well to catch things.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
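Point 1 of the quoted message describes the blunt control the reply is weighing against its cost: strip every attachment whose name ends in one of the listed extensions. The Python filter below is an added illustration of that policy, not code posted to the list by either participant. It keys on the filename alone (exactly as the quoted policy does, so it does not inspect content), judges only the final extension so that "Report.PDF.scr" is still caught, and trims trailing dots so that "setup.exe." does not slip past with an apparently empty extension. The SAMPLE_MESSAGE and every filename in it are constructed for the demonstration.

```python
"""Strip e-mail attachments by file extension.

Added example for the thread above, not code from the list or its
participants. Implements the denylist quoted in point 1
(.exe .zip .gif .jpg .scr .bat .pif). SAMPLE_MESSAGE is constructed.
"""
from email import message_from_string, policy

# Extensions from the quoted policy, lower-cased and without the leading dot.
BLOCKED_EXTENSIONS = {"exe", "zip", "gif", "jpg", "scr", "bat", "pif"}


def blocked_extension(filename):
    """Return the blocked extension of a filename, or None if it is allowed.

    Only the final extension counts, so "Report.PDF.scr" is caught by "scr".
    Trailing dots and spaces are removed first, because a name such as
    "setup.exe." would otherwise appear to have an empty extension.
    """
    if not filename:
        return None
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return None
    ext = name.rpartition(".")[2].lower()
    return ext if ext in BLOCKED_EXTENSIONS else None


def strip_attachments(raw):
    """Parse a raw RFC 822 message and neutralise blocked attachments.

    Each blocked part is replaced in place with a short text/plain notice,
    so the MIME structure survives and the recipient sees what was removed.
    Returns (message, list_of_stripped_filenames).
    """
    msg = message_from_string(raw, policy=policy.default)
    stripped = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        filename = part.get_filename()
        if blocked_extension(filename) is None:
            continue
        stripped.append(filename)
        # clear_content() drops the payload and every Content-* header
        # (Content-Disposition included), so the part stops being an attachment.
        part.clear_content()
        part.set_content(f"[attachment {filename!r} removed by policy]")
    return msg, stripped


def remaining_attachment_names(msg):
    """Filenames of parts still marked Content-Disposition: attachment."""
    return [p.get_filename() for p in msg.walk() if p.is_attachment()]


# Constructed sample: one body part plus four attachments, three of which
# the quoted policy blocks (by last extension, despite a trailing dot, and
# the .jpg that the policy lists alongside the executables).
SAMPLE_MESSAGE = """\
From: sender@example.com
To: recipient@example.com
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sample-boundary"

--sample-boundary
Content-Type: text/plain; charset="us-ascii"

Report attached.
--sample-boundary
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--sample-boundary
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Report.PDF.scr"
Content-Transfer-Encoding: base64

TVo=
--sample-boundary
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe."
Content-Transfer-Encoding: base64

TVo=
--sample-boundary
Content-Type: image/jpeg
Content-Disposition: attachment; filename="photo.jpg"
Content-Transfer-Encoding: base64

/9j/
--sample-boundary--
"""

if __name__ == "__main__":
    cleaned, removed = strip_attachments(SAMPLE_MESSAGE)
    print("stripped:", removed)
    print("kept:", remaining_attachment_names(cleaned))
```

Because the decision rests on the declared filename and nothing else, this is precisely as coarse as the policy it implements: it removes legitimate images along with screensavers, and it has no opinion about what the bytes of a surviving "report.pdf" actually are. That is the trade-off the reply is arguing about, and why it looks toward authenticating the sender and relay instead.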