Re: Proxy server hit... Any ideas?

• Previous message: Aaron Lewis: "RE: wu-ftpd attack ???"
• Maybe in reply to: Mike Cain: "Proxy server hit... Any ideas?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: incidents@securityfocus.com
From: "Toby Felgenner" <felgenner@unicc.org>
Date: Tue, 26 Nov 2002 18:01:43 +0100

Software Update Services (SUS) may help you, see:

http://www.microsoft.com/windows2000/downloads/recommended/susserver/default.asp

or

http://www.microsoft.com/windows2000/windowsupdate/sus/susfaq.asp

If you don't trust automatic updates, don't bother reading any further
(then again, if you have 30,000 hosts how else are you going to do it?).

Setup a protected server to get the updates from M$. Then test the updates
in your test environment. If the updates pass all your tests, then Approve
and distribute the updates to another internal SUS Server. Your client
hosts then pick up the only the updates that you have approved from your
own internal SUS server.

Trouble is, you need to have installed the Automatic Updates client
software on all your Windows clients beforehand :-(
It's available for Win2000 (included in SP3 but is also available
separately) and WinXP but it's not available for WinNT :-(

                    Valdis.Kletnie

                    ks@vt.edu To: Emeric Miszti
<emeric@uksecurityonline.com>
                                         cc:
incidents@securityfocus.com, (bcc: Toby Felgenner/ICC)
                    22-11-02 05:12 Subject: Re: Proxy server
hit... Any ideas?
                    AM

On Fri, 22 Nov 2002 00:52:42 GMT, Emeric Miszti said:

> 1) Ensure that you have an effective perimeter firewall that blocks all
> incoming traffic to the new box

Excuse me while I fall over laughing. I have some 30K hosts on my network,
and there's no really scalable way to say "OK, this box is about to be
upgraded, disable its HTTP access to anything other than windowsupdate"
and then 3 hours later "OK, let it talk to the rest of the web again".

The rest of Emeric's points are quite good - but sometimes it's not as
easy as it looks... ;)

--
                                          Valdis Kletnieks
                                          Computer Systems Senior Engineer
                                          Virginia Tech
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: David: "Re: wu-ftpd attack ???"
• Previous message: Aaron Lewis: "RE: wu-ftpd attack ???"
• Maybe in reply to: Mike Cain: "Proxy server hit... Any ideas?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ? ... will be people locking themselves out from far-away remote ... hosts (on updates, for instance) if this becomes the default. ... (FreeBSD-Security) Re: SOMEONE HELP ME!!!! PLEASE!! ... > connection to get those updates but these programs found ... Now enter the search term "hosts" without the quotes. ... you'll get a Windows dialog box saying ... Stinger, other removal tools, etc. that have been downloaded from ... (microsoft.public.security.virus) Re: HTTP Error 403 Forbidden Internet Explorer ... Webroot Spy sweeper, Zone Alarm etc. ... you can't download updates for any of those ... Does this error message appear in your IE browser window? ... get updates for Norton,) then it is possible that the hosts file has been ... (microsoft.public.windowsxp.general) Re: Proxy server hit... Any ideas? ... > (then again, if you have 30,000 hosts how else are you going to do it?). ... > Setup a protected server to get the updates from M$. ... > and distribute the updates to another internal SUS Server. ... was developed so multiple teams could test MVS releases on the same very ... (Incidents) Re: Nachtrag ... nicht wirklich was da los ist, die Reversed-LookUp Zones hat er fleissig aufgebaut, die normale Forward wird jedoch weder geupdated noch überhaupt aufgebaut (was die Hosts betrifft)..Dynamische Updates sind aktiviert, auch ... ausser den DNS runterzuschmeissen und neu aufzusetzen? ... (microsoft.public.de.german.windows.server.active_directory)