Re: Blaster Recurrence

From: GertJan Hagenaars (incidents_at_hagenaars.com)
Date: 03/02/04

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Releasing patches is bad for security"
    Date: Tue, 2 Mar 2004 15:19:11 -0500
    
    

    Apparently, Matthew Pope wrote:
    % E. Jimmy Allotey wrote:
    %
    % >Thanks to all for your help. I have traced it down to a user who has
    % >been on study leave since the day after the blaster hit and whose office
    % >was locked so the machine could not be disinfected.
    %
    % Mr. Study-leave should study security while on leave. Physically
    % locking one's office (with no key for others) where a PC is powered on
    % and connected to the network is just a tad sub-optimal for network security.

    It just means that you walk by the computer room to unplug his network
    drop on your way back to your desk (and then you turn that into a policy
    for anyone who's away for more than two days).

    Alternatively, if you have VLAN capability, you can do it _from_ your desk.

    Alternatively, you can assign it a non-routable IP address via DHCP.

    Alternatively, you can break into the box and shut it down (obviously,
    it has at least one security hole).

    Alternatively, you can get someone from building maintenance with a
    master key to open the door for you so you can impound the PC.

    Soo many choices, so little time...

    CHeers,
    GertJan.

    -- 
    +++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++
    sed '/^[when][coders]/!d         G.J.W. Hagenaars -- gj at hagenaars dot com
        /^...[discover].$/d          Remembering Mike Carty 1968-1994
       /^..[real].[code]$/!d         UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix
    ' /usr/dict/words                I'm Dutch, what's _your_ excuse?
    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security
    Protect your network against hackers, viruses, spam and other risks with Astaro
    Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost of
    ownership.
    Download your free trial at 
    http://www.securityfocus.com/sponsor/Astaro_incidents_040301
    ----------------------------------------------------------------------------
    

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Releasing patches is bad for security"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)
    • Re: Any Intrusion Detection Appliances handle wired and wireless networks?
      ... > Network Security Specialist ... firewall with virus/spam protection, URL filtering, VPN, ... the comprehensive security solution that combines six ...
      (Focus-IDS)
    • RE: blocking p2p traffic
      ... Network Security Specialist ... the comprehensive security solution that combines six ... firewall with virus/spam protection, URL filtering, VPN, ...
      (Focus-IDS)
    • RE: Entercept HIDS Question
      ... This is one of those it depends on your network and application ... Subject: Entercept HIDS Question ... Security Linux, the comprehensive security solution that combines six ...
      (Focus-IDS)
    • Re: DHCP or Probe?
      ... somewhat limited understanding of cable network architecture, ... >> Security Linux, the comprehensive security solution that combines six ... > Protect your network against hackers, viruses, spam and other risks with Astaro ...
      (Incidents)