lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <NHBBKOKFNKAIECDLOKDCKEGCEOAA.alerta@redsegura.com>
From: alerta at redsegura.com (Alerta Redsegura)
Subject: Learn from history?

> SMB generally arent worrie about running simething like WIndows Update
> automatically, other than the fact that it uses bandwidth that they are
> paying for.

Down here, most SMB use Internet flat-rate plans, whether it be Dial-up or
cable.
So that's not an issue. The issue here is *knowledge and awareness*, but not
connection.



> > >> 2. If a patch cannot be installed, find workarounds
> > >That does not work with the workarounds customer need to facilitate
> > >life (security <> easy of use, remember)
>
> Work arounds donmt have a place in any sort of open user environment
> they take too much time to deploy and impose to many problems on the end
> user and also need to be undone after the problem is fixed. Way way way
> to much work there.
>

In the case of a Windows-based network and excepting W98 and WME boxes, all
updates and upgrades can be --and should be-- deployed from 1 machine.
Workarounds generally have ultimately to do with registry modifications,
which is just a matter of writing a script and deploying it. (Of course,
after evaluating cost-benefit, testing, where *not* to install it, etc.)



> > >> 3. If it is a port-related threat, find out if such ports are
> > >> in use, and if not, make sure they are closed.
> > >Once the virus is on the LAN it can do whatever it wants.
> >
> > Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
> > Also, do us a favor and don't propogate the shit!
>
> What is all this rubbish about. Roughly 15% of all assests attached to a
> networks around the world are unaccounted for!! So how are you meant to
> protect yourself against them. Example - firewall blocking all ports,
> some one comes in with a laptop thats infected and bobs your uncle you
> left scratching your head wondering why your firewall didnt work. lmao
> that mi friends is the soft center that the black hat looks for!!
>

It is also a matter of well articulated policies.

Assumptions
----------------
1. You have an anti-virus/e-mail/content solution which updates signatures
files automatically from the Internet and deploys them automatically to all
the boxes in the network, with central alerting capabilities.

2. You have a firewall solution at the point connecting to the
Internet/other networks.

3. The laptop is infected with a worm that spreads through specific ports.
----------------


Now, someone comes in with a laptop that is infected and connects to the
LAN.
When it starts trying to infect external addresses, the firewall catches it.
If it tries to infect local machines, the anti-virus software catches it.
Supposing you have adequate alerting procedures in place, in both cases, the
source of the infection is easy to detect.





I?igo Koch
Red Segura


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ