Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins

From: Antonio Calvillo (acalvillo_at_PRODIGY.NET.MX)
Date: 06/02/04

  • Next message: Rafel Ivgi, The-Insider: "180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits)" 
    Date:         Wed, 2 Jun 2004 15:37:09 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Congrats!!!! It's a great job what you have done here. And let me tell you
    that it is a great behaviour study and I couldn't agree more with you. As I
    have told you before and I'm still convinced, there is nothing that can
    protect you better than appropiate security practices. In the las 5 years
    I've been IT manager of 2 different companies and I'm still free of
    infections, just by having a couple of firewalls and a corporate version of
    an antivirus (trend micro officescan is my favorite.) Having the appropiate
    security scheme patching becomes secondary.

    Also you got to have some common sense, anyone could have seen that lsass
    vulnerabilty was a worm waiting to happen, as it was with the IIS
    vulnerability that "redcode" exploited.

    My rules of thumb are:

    If the exploit affects IIS patch inmediately.
    Start your firewall configuration from a "nothing comes in, nothing goes
    out" configuration, and work from there.
    Laptops must be separated from the rest of the network by a properly
    configured firewall
    Give access permissions to your wireless network by MAC Address, Also always
    use encryption.

    And number one:

    Filter file types on your mail servers. Don't ever bother to screen an .exe
    file for viruses, just delete it, along with .vbs, .com, .pif, etc. Etc.

    It has worked for me.
    Best regards,
    Antonio Calvillo.

    PD. Looking at the way things are going about security in the corporate
    world, What do you think about "Senior Paranoid" for your title?? I would
    like it for myself.
     

    -----Mensaje original-----
    De: Windows NTBugtraq Mailing List [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]
    En nombre de Russ
    Enviado el: Miércoles, 02 de Junio de 2004 11:43 a.m.
    Para: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Asunto: Russ Cooper's AusCERT Presentation on MS Security Bulletins

    Howdy,

    As you may have heard, I did a presentation last week at the 2004 AusCERT
    Conference in Gold Coast, Australia.
    ..........

    -----
    Patch Automation v6.0 by Mobile Automation, Inc. allows you to quickly
    identify and fix all PC's that are exposed to the Sasser worm! Our
    solution provides quick and seamless discovery and deployment of all your
    PC computer's Microsoft security patching needs. Regardless of where
    you're PC's reside (inside the LAN, at home or on the road), Patch
    Automation gets the job done. Contact us to learn about our free 30-day
    trial version at 800-344-1150 or visit our website at
    <http://www.patchautomation.com>
    -----

  • Next message: Rafel Ivgi, The-Insider: "180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits)"

    Relevant Pages