From: james at wetgoat.net (James P. Saveker)
Subject: Re: Microsoft Security, baby steps ?[Scanned]

Random Letters said....

<snip>
1. Home users - don't have adequate protection and get turned into zombies. 
They then bombard us. OK - this is dealt with by an externally facing
firewall but see #2 below.

2. Office workers with laptops or VPN connections to the internal LAN - get
'infected' (see #1 above) and then connect to the internal LAN. They then
bombard any newly set-up PC before we get a chance to patch it. BTW you
still have to connect to a network if you have a SUS or SMS server.
</snip>

By saying see #1 above you are comparing a corporate laptop to a home
computer?  Or are you suggesting that sysadmins should allow remote users to
come in from any phone line/IP and/or public computer?  The thought of
allowing machines that do not belong to the company on the internal network
does seem like suicide.

Also SMS (bits update) and SUS are not designed to bring machines up to date
from gold install editions.  That should be done by slipstreaming updates
onto install CDs and preferably in a corporate environment you are not
going to be installing lots of machines from disks so the same principle
should be applied to your RIS server or albeit image multicasting server.

<snip>
The "need to patch before I put it on the network" / "need to put it on the
network to get the patches" IS a real problem for many sysadmins.
</snip>

Why?  They must not be keeping their install images up to date.  "need to
put it on the network to get the patches"; well that's just not true.

That's my five pence,

James Saveker
www.wetgoat.net 

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.
