| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <15533237421C6E4296CC33A2090B224A01270BC3@UTDEVS02.campus.ad.utdallas.edu> From: pauls at utdallas.edu (Schmehl, Paul L) Subject: Re: Microsoft Security, baby steps ? > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Full-Disclosure > Sent: Thursday, March 18, 2004 2:17 AM > To: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Re: Microsoft Security, baby steps ? > > In an corporate environment, you will have SUS or SMS > running. If so, no need for internet access. > I'm seeing statements like this more and more, on this list and others, and it's really starting to bug me. (Not picking on you personally.) Most of the attacks on corporate boxes come from the inside. Blocking internet access does very little to protect you. Don't believe it? Then explain how Slammer and Sobig and Mydoom and Nachi and Blaster managed to spread in corporate environments that have very good firewalling. Putting up a firewall is one small step in a very large process that gets you some semblance of security. You are not "safe" simply because the firewall is up and running. All it take is *one* improperly maintained box on the inside to be compromised/infected, and the hacker is off to the races. What will SUS/SMS do for you then? By all means, automate patching. But for god's sake, don't think that once you've done that you're done! You've only just begun. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists