Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins
From: Antonio Calvillo (acalvillo_at_PRODIGY.NET.MX)
Date: Wed, 2 Jun 2004 15:37:09 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Congrats!!!! It's a great job what you have done here. And let me tell you
that it is a great behaviour study and I couldn't agree more with you. As I
have told you before and I'm still convinced, there is nothing that can
protect you better than appropriate security practices. In the last 5 years
I've been IT manager of 2 different companies and I'm still free of
infections, just by having a couple of firewalls and a corporate version of
an antivirus (Trend Micro OfficeScan is my favorite). Having the appropriate
security scheme, patching becomes secondary.
Also you got to have some common sense, anyone could have seen that lsass
vulnerability was a worm waiting to happen, as it was with the IIS
vulnerability that "redcode" exploited.
My rules of thumb are:
If the exploit affects IIS, patch immediately.
Start your firewall configuration from a "nothing comes in, nothing goes
out" configuration, and work from there.
Laptops must be separated from the rest of the network by a properly
Give access permissions to your wireless network by MAC Address, Also always
And number one:
Filter file types on your mail servers. Don't ever bother to screen an .exe
file for viruses, just delete it, along with .vbs, .com, .pif, etc. Etc.
It has worked for me.
P.S. Looking at the way things are going about security in the corporate
world, what do you think about "Senior Paranoid" for your title?? I would
like it for myself.
From: Windows NTBugtraq Mailing List [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]
On behalf of Russ
Sent: Wednesday, June 02, 2004 11:43 a.m.
Subject: Russ Cooper's AusCERT Presentation on MS Security Bulletins
As you may have heard, I did a presentation last week at the 2004 AusCERT
Conference in Gold Coast, Australia.