Message-ID: <6199A25648C5CF4596C8577AC6D20313351E@osiris.wetgoat.net>
From: james at wetgoat.net (James P. Saveker)
Subject: Re: Microsoft Security? Real LANs[Scanned]

Random letters said...

<snip>
No, but people do use their laptops outside the office. It can be quicker to get infected than get either Windows or virus updates. When they bring their laptop onto the LAN (either through VPN or physically) then they are an internal source of infection that an external firewall can't filter. (Sh)It happens.
</snip>

I do respect what you have said. Yes indeed, a weak point on many networks is remote roaming users. However, I am not sure I fully agree. Let me explain my thoughts...

Remote user takes laptop home. This laptop must have an independent application-level and stateful firewall, as it's being used from in front of the corporate firewall appliance. It will receive updates whilst connected to the internet in respect to AV definitions. In my environment, when the remote clients VPN (via IP, not dial-up) into the network, their AV definitions are updated via HTTP before the client is assigned an internal address from the DHCP server. Now if a new virus infects this machine which the AV and firewall do not stop, then surely on the same premise the internal network in the company is also still at risk, whilst also not being protected internally or indeed at the perimeter. So it is very much an oxymoron, is it not?

So let's take this a little further. Let's say that the laptop is not connected to the internal network or indeed the internet, and so does not get any AV updates for perhaps a week. The user slaps in a floppy or CDR with a virus on it. The machine is then infected. The user unknowingly returns to work and connects the machine to the LAN. The LAN will be up to date in respect to AV defs and therefore *should* not be affected. Rather, internal AV systems will light up like xmas trees.

If neither the internal network nor the laptop is protected then yes, machines are going to be raped. However, if that's the case then there's not much hope anyhow.

That's my five pence,

James Saveker
www.wetgoat.net

"The only thing which helps me maintain my slender grip on reality is the friendship I share with my collection of singing potatoes..."