RE: [fw-wiz] Worms, Air Gaps and Responsibility

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/12/04

  • Next message: Dana Nowell: "RE: [fw-wiz] Worms, Air Gaps and Responsibility" 
    To: "Claussen, Ken" <Ken@kccweb.com>
Date: Wed, 12 May 2004 13:51:55 -0400 (EDT)

    On Wed, 12 May 2004, Claussen, Ken wrote:

    > Paul,
    > Even Cisco is not immune to the exploits.

    My point was that given the platform's ubiquity, we hadn't seen a worm-
    that doesn't mean it's not possible to do one, it means that it's not a
    given that ubiquity equates to common and automatic malcode exploitation.

    In fact, the point that we've had Cisco exploits in the past simply
    underlines the fact that ubiquity isn't the only driver for mass malcode
    exploits.

    > I have read several mentions of issues with corporate desktops and no
    > one has mentioned the use of Group Policy through AD to control which
    > EXEs are allowed to run by a user. This is one of the best methods to
    > stop malicious code at the desktop level. While it may be painful to
    > setup initially it is effective in many cases. In order to bypass this,
    > malicious code would need to use an "approved" EXE to launch itself.
    > This raises the bar significantly.
    > Ken

    Indeed, Wes used to evangelically espouse using ISA server to do much the
    same thing for Internet stuff.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Dana Nowell: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
    • Quantcast