RE: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)

From: Ron DuFresne (dufresne_at_winternet.com)
Date: 07/31/03

  • Next message: Mark Hippenstiel: "[Full-Disclosure] What kind of a list is this?"
    To: Bojan Zdrnja <Bojan.Zdrnja@LSS.hr>
    Date: Wed, 30 Jul 2003 17:19:45 -0500 (CDT)
    
    

    >
    > > Still the best defensive posture is taken at the entrance and exit points
    > > as pertains to most all these 'services'. If the ports 135 and 1433 etc
    > > are blocked, both tcp and udp protocols, then patching becomes far less
    > > dramatic, even if a few machines inside get infected due to laptops or
    > > what have you. when the flow on the wire for a segment
    >
    > Perimeter blocking is not everything.
    > It's an important part of your security policy, but I think you're
    > overstating that.
    >
    > Is it too difficult to write a worm which will spread through RPC DCOM (this
    > is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You can
    > have the best port blocking in the world and still be infected in a second.

    Cool, perimeter security and forcing users to text only based e-mail
    clients like e-mail was intended <grin>.

    >
    > The solution for this is long term improvement of security, strong security
    > policies *AND* education.

    Education works poorly. Educate your users and then 30 minutes later some
    of them will go to their everything-AND-the-kitchen-sink desktop OS, click
    on that same mass mailed exe you just told them not to click on, and
    reopen the need to once again re-educate your userbase cycle. Of course 9
    out of 10 times it's going to be one of the upper mgt folks that pushed
    for the employee education project that does the uncondoned clicking of
    that exe...

    Thanks,

    Ron DuFresne
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

