RE : most avtive attack type

From: Bourque Daniel (Daniel.Bourque_at_loto-quebec.com)
Date: 08/13/04

  • Next message: first last: "RE: most avtive attack type"
    To: focus-ms@securityfocus.com
    Date: Fri, 13 Aug 2004 16:14:41 -0400
    
    

    I think educated users are even more dangerous because they think they have
    it all cover, the admin being the worse ones...

    I don't trust users, I don't trust AV (I run 4 different one from different
    companies), I don't trust firewall (I run 2 from different companies), I
    don't trust IDS (I run 2 from you guess what) and over all, I certaintly
    don't trust myself... There is so much to learn that the more I learn, the
    less I know.

    Good week-end all and good sleep, it could be the last for some days... :o)

    -----Message d'origine-----
    De : Aaron Lewis [mailto:aaron@adldatacomm.net]
    Envoyé : 13 août, 2004 11:28
    À : focus-ms@securityfocus.com
    Cc : macleonard@softhome.net
    Objet : RE: most avtive attack type

    Agreed. I would say most email viruses / worms enter a system due to a user
    who is so curious they have to open it. Educating the users and having them
    understand the problem and the solutions is very key in maintaining a sound
    environment. Blocking some outgoing traffic of well known threats at the
    border device can help too.

    I know Admins at the local government level who don't run AV or patch their
    systems because they have a firewall and they think nothing can get to them.
    The worst part is the Admin doesn't know anything about networking and the
    firewall setup was outsourced and hasn't been touched since install.

    Yes I said government
    ADL

    -----Original Message-----
    From: MacLeonard Starkey [mailto:macleonard@softhome.net]
    Sent: Thursday, August 12, 2004 3:49 AM
    To: focus-ms@securityfocus.com
    Subject: Re: most avtive attack type

    Much of what I am currently seeing are email based vectors,

    as such, they rely either on holes in the client software which allows
    immediate execution of attachments, or the human factor.

    Make sure you educate your users, or all the firewalling and patching in the
    world won't help you

    regards,

    Macca

    first last wrote:

    > Hello everyone,
    >
    > I was wondering what the most common type of attack to expect to get
    > hit with over a network is. I will be protecting a MS based network.
    >
    >
    > The other thing i was thinking is in this senerao what type of attacks
    > should you be watching out for?
    >
    > senerao: Small TCP/IP network (sub 6 pcs) All have the latest MS
    > client or server OSes fully patched. IPSec running as a firewall, all
    > trafic monitered/logged, services configured (and disabled) 1
    > Software router, 1 Hardware router (firewall running on each) im
    > thinking thats about it.
    >
    > Thanks for the help it is greatly apricated
    >
    > _________________________________________________________________
    > Express yourself instantly with MSN Messenger! Download today - it's
    > FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
    >
    >
    > ----------------------------------------------------------------------
    > ----
    -
    > ----------------------------------------------------------------------
    > ----
    -
    >
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: first last: "RE: most avtive attack type"

    Relevant Pages

    • Re: Handling Sysads resignation/termination
      ... the admin is out-- what is the ... your HR department and your firm's Attorneys ... You can't protect yourself against the actions of one in a trusted position ... the breech of trust has taken place. ...
      (Pen-Test)
    • Re: Windows Server 2003 domain trust issue
      ... That was tracked down to the Watchguard firewall at the remote ... DNS functioning (I should say that the odd thing is that there was already ... checking the status of the listed ports. ... Depending on how much you REALLY trust the other people, ...
      (microsoft.public.windows.server.dns)
    • Re: Is additional firewall necessary?
      ... deactivate any desktop firewall, but by not using such a firewall ... NOT use a feature or to NOT trust some random stranger. ... When it comes to deciding the level of security to be taken, ...
      (comp.security.misc)
    • Re: creating one way trust
      ... Let me try to understan a little more about youre network. ... There isn't any firewall in between except the win2003svr built in firewall. ... > trust is in different network). ... >>> configuring that, i got the message the domain can't be contacted. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Trust Issues
      ... I understand both of two DCs in the same subnet and there is no firewall ... similiar function to block the port. ... other words, if you share a folder in win2k domain, are you able to select ... I ask these questions intend to know if the trust has been sucessfully ...
      (microsoft.public.windows.server.general)