Re: Browser Vulns

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/19/04

    Date: Mon, 19 Jul 2004 09:25:04 -0700
    To: "Laura A. Robinson" <laurarobinson@earthlink.net>
    
    

    On that note someone pinged me the other day looking for a "Best
    practices" of Egress filtering. Anyone have [besides going down the
    IANA port listing] a rogues gallery of ports that need to be proactively
    blocked? Going down the Snort rule database would probably be a start,
    too I guess... ;-)

    [I would argue that the incident has occurred and blocking the ports is
    just putting a tourniquet on the wound... but... I digress...]

    Susan

    Laura A. Robinson wrote:

    >Just out of curiosity, how many (few) users do you have that this is a
    >workable approach? And wouldn't ingress/egress monitoring be more effective
    >than poking at cookies?
    >
    >Laura
    >
    >
    >
    >>-----Original Message-----
    >>From: Eric McCarty [mailto:eric@lawmpd.com]
    >>Sent: Wednesday, July 14, 2004 11:27 AM
    >>To: James Bowman; focus-ms@securityfocus.com
    >>Subject: RE: Browser Vulns
    >>
    >>I prefer Choice E : Education
    >>
    >>Tell your users what to do and not do, then run desktop
    >>auditing software to review browser/cookie history to see
    >>violators of the policy and take appropriate action.
    >>
    >>Patching won't help if no patch exists. Check out Pivx for choice B.
    >>
    >>Eric
    >>
    >>-----Original Message-----
    >>From: James Bowman [mailto:jim@drexel.edu]
    >>Sent: Tuesday, July 13, 2004 9:11 PM
    >>To: focus-ms@securityfocus.com
    >>Subject: Browser Vulns
    >>
    >>
    >>
    >>
    >>Posing a question to Security Managers regarding the massive
    >>attention now on browser vulnerabilities.
    >>
    >>
    >>
    >>How are you reacting (if at all):
    >>
    >>A: Patching
    >>
    >>B: HIPS / HIDS
    >>
    >>C: Content filtering via proxy
    >>
    >>D: Other...
    >>
    >>
    >>
    >>For those choosing B:, how is your flavor of HIPS / HIDS faring?
    >>
    >>For those choosing C:, what is working for you, and for
    >>either B: or C:, is it signature or PAD based?
    >>
    >>
    >>
    >>JB

    -- 
    http://www.sbslinks.com/really.htm