RE: Users slam Microsoft Security Analyser

From: Marc Fossi (mfossi@securityfocus.com)
Date: 04/15/02


Date: Mon, 15 Apr 2002 14:20:26 -0600 (MDT)
From: Marc Fossi <mfossi@securityfocus.com>
To: "Schwartz, Stanley" <sschwartz@stlo.smhs.com>

On Mon, 15 Apr 2002, Schwartz, Stanley wrote:

> </EndLurk>
>
> Sorry. I'm disagreeing again.
>
> Even if you patched your servers up to the most current level, there WILL be
> another "discovery" (which somehow made it by Microsoft's extensive
> testing). ...which means you'll (once again) have to evaluate the hotfixes'
> necessity for being introduced into your environment, then find, download,
> and test them. All of which takes time that most of us don't have in the first
> place.
>
> Thanks again,
> Stan :)
>
> <BeginLurk>

I'd just like to point out that the same can be said about Apache, Unix,
Linux, Solaris, etc. I'm not defending MS, but a lot of the
responsibility does go to the admin as well.

Proper configuration can go a long way in securing a system. Many admins
hadn't patched for the ISAPI buffer overflow from MS01-033 but never got
hit by CodeRed. Why? Because they weren't using the .ida and .idq
extensions, so they removed the mappings from IIS. Disabling and removing
unnecessary services and components goes a long way. The same goes for
properly locking down ACLs and group permissions, proper firewalling,
etc.

As for the amount of time that these things take...
You can either spend x number of hours securing and patching, or you can
spend y number of hours cleaning up after an incident, not to mention lost
revenue for downtime if you're an e-commerce shop. And usually in
incident recovery, y is greater than x (plus y usually seems to happen at
2:30 in the morning for some reason).

Cheers,

Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com
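As an added illustration of the two configuration checks Marc describes (drop the ISAPI script mappings a site does not use, and watch the web logs for probes against the ones you dropped), here is a Python example. It is not part of the original message or of any Microsoft tool: the script-map table is a hand-written stand-in for an IIS 5 default install, the W3C log lines are constructed, and the function names are the example's own.

```python
"""Audit helpers for two checks: which ISAPI script mappings a site does not
use (and so can simply be removed), and whether anyone is probing them.
All sample data below is constructed for this example."""
import re
from collections import Counter
from os.path import splitext

# Constructed: a representative IIS 5 default script-map table
# (extension -> ISAPI DLL), hand-written for this example.
DEFAULT_SCRIPT_MAPS = {
    ".asp": "asp.dll",
    ".asa": "asp.dll",
    ".ida": "idq.dll",      # Index Server admin, the MS01-033 overflow path
    ".idq": "idq.dll",      # Index Server query, same DLL
    ".htr": "ism.dll",
    ".printer": "msw3prt.dll",
    ".shtml": "ssinc.dll",
    ".stm": "ssinc.dll",
}


def unnecessary_mappings(script_maps, extensions_in_use):
    """Return the mapped extensions the site does not serve. Each one is an
    ISAPI entry point exposed for no reason and can be removed outright."""
    in_use = {e.lower() for e in extensions_in_use}
    return sorted(ext for ext in script_maps if ext.lower() not in in_use)


def parse_w3c_log(text):
    """Parse IIS W3C extended log lines into dicts keyed by the names given in
    the '#Fields:' directive. Other '#' directives are skipped, fields are
    space-separated, and '-' means the field was empty."""
    fields, records = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # malformed or pre-directive line: skip rather than guess
        records.append({f: (None if v == "-" else v) for f, v in zip(fields, values)})
    return records


def hits_per_extension(records):
    """Count requests by the extension of cs-uri-stem. Compared against the
    script-map table this shows which mapped extensions are really served."""
    counts = Counter()
    for r in records:
        counts[splitext(r.get("cs-uri-stem") or "")[1].lower()] += 1
    return counts


PROBE_EXTS = {".ida", ".idq"}
# CodeRed hit /default.ida with a query that padded the buffer using a long
# run of one repeated letter ahead of the %u-encoded payload; 20+ repeats of
# a single letter is the heuristic used here (an assumption of this example).
REPEATED_RUN = re.compile(r"([A-Za-z])\1{19,}")


def codered_style_probes(records):
    """Return (c-ip, cs-uri-stem, sc-status) for requests to a .ida/.idq
    mapping whose query looks like an overflow pad. With the mapping still
    live the server answers 200; with it removed the request falls through
    to the static file handler and there is no such file, hence 404."""
    probes = []
    for r in records:
        stem = r.get("cs-uri-stem") or ""
        query = r.get("cs-uri-query") or ""
        if splitext(stem)[1].lower() in PROBE_EXTS and REPEATED_RUN.search(query):
            probes.append((r.get("c-ip"), stem, int(r.get("sc-status") or 0)))
    return probes


# Constructed sample log in IIS W3C extended format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-07-19 08:00:01 10.0.0.5 GET /default.htm - 200
2001-07-19 08:00:02 10.0.0.5 GET /orders/list.asp id=7 200
2001-07-19 08:00:03 192.0.2.44 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858 200
2001-07-19 08:00:04 10.0.0.7 POST /orders/submit.asp - 200
2001-07-19 08:00:05 198.51.100.9 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858 404
"""

if __name__ == "__main__":
    records = parse_w3c_log(SAMPLE_LOG)
    print("hits per extension:", dict(hits_per_extension(records)))
    print("mappings to remove:", unnecessary_mappings(DEFAULT_SCRIPT_MAPS, {".asp"}))
    for ip, stem, status in codered_style_probes(records):
        state = "mapping still live" if status == 200 else "request fell through to a 404"
        print(f"probe from {ip} for {stem}: status {status} ({state})")
```

The order of the two checks matters: look at `hits_per_extension` over a representative stretch of logs first, so that a mapping the site quietly depends on is not removed, then drop everything `unnecessary_mappings` reports. The probe scan is only evidence that someone is knocking; a 200 on a padded `.ida` request means the handler is still reachable and the patch state needs checking, a 404 means the request never reached `idq.dll`.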


