Re: Proxy server hit... Any ideas?

From: Toby Felgenner (felgenner@unicc.org)
Date: 11/26/02

    To: incidents@securityfocus.com
    From: "Toby Felgenner" <felgenner@unicc.org>
    Date: Tue, 26 Nov 2002 18:01:43 +0100
    
    

    Software Update Services (SUS) may help you, see:

    http://www.microsoft.com/windows2000/downloads/recommended/susserver/default.asp

    or

    http://www.microsoft.com/windows2000/windowsupdate/sus/susfaq.asp

    If you don't trust automatic updates, don't bother reading any further
    (then again, if you have 30,000 hosts how else are you going to do it?).

    Set up a protected server to get the updates from M$. Then test the updates
    in your test environment. If the updates pass all your tests, then Approve
    and distribute the updates to another internal SUS Server. Your client
    hosts then pick up only the updates that you have approved from your
    own internal SUS server.

    Trouble is, you need to have installed the Automatic Updates client
    software on all your Windows clients beforehand :-(
    It's available for Win2000 (included in SP3 but is also available
    separately) and WinXP but it's not available for WinNT :-(

    From:    Valdis.Kletnieks@vt.edu
    To:      Emeric Miszti <emeric@uksecurityonline.com>
    cc:      incidents@securityfocus.com, (bcc: Toby Felgenner/ICC)
    Date:    22-11-02 05:12 AM
    Subject: Re: Proxy server hit... Any ideas?

    On Fri, 22 Nov 2002 00:52:42 GMT, Emeric Miszti said:

    > 1) Ensure that you have an effective perimeter firewall that blocks all
    > incoming traffic to the new box

    Excuse me while I fall over laughing. I have some 30K hosts on my network,
    and there's no really scalable way to say "OK, this box is about to be
    upgraded, disable its HTTP access to anything other than windowsupdate"
    and then 3 hours later "OK, let it talk to the rest of the web again".

    The rest of Emeric's points are quite good - but sometimes it's not as
    easy as it looks... ;)

    --
                                              Valdis Kletnieks
                                              Computer Systems Senior Engineer
                                              Virginia Tech
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    

