Re: WinXP SP2 Firewall ??? Serious!
From: Peter Houppermans (haz.20.cheros_at_spamgourmet.com)
Date: 09/29/04
- Next message: andy smart: "Re: Surfing at Work"
- Previous message: Peter Houppermans: "Firefox"
- In reply to: johns: "WinXP SP2 Firewall ??? Serious!"
- Next in thread: Leythos: "Re: WinXP SP2 Firewall ??? Serious!"
Date: Wed, 29 Sep 2004 15:19:10 +0100
Having read this whole thread it strikes me that you consider a firewall the
core of your defence. I have news for you - that only works if you don't
actually have any users ;-(. You have what is known as 'brittle' security,
in your case 'hard shell, soft centre'. Or, to close the text book, you
lack defence in depth and are exposed to insider threat (your users ;-).
As soon as they go and surf, email or otherwise use the Internet they will
be exposed to all the wonderful stuff MS lets you download without the
slightest warning (auto-install, for instance), newly developed hacks (the
jpeg issue is but one of many) and plain vanilla social engineering ("click
here to get <desktop gadget>").
See if you can get them at least to accept using the web when logged in as a
'regular' user instead of with admin rights, that will offer a small degree
of containment. I'd also recommend avoiding IE where possible as a lot of
BHOs can offer a nice route into the users' desktop (Spybot Search &
Destroy is your friend here). Use Firefox where possible, and while you're
at it you may want to rethink using Outlook (Express as well as 'regular').
If you absolutely have to, at least make sure preview is disabled as that
forces any HTML email to be rendered (and thus any stuff inside to be
executed). To give you an idea how clever preview is, imagine what happens
when you want to delete an email you KNOW has dodgy stuff in. You
highlight it to delete it - and it then executes it. Duh.
As for introducing a firewall, get a Linux box or something (i.e. grab an
older desktop and add an extra network card) and sell it to your staff as a
'proxy' - all of them looking at Dilbert means it'll only hit your
bandwidth once. A bit of social engineering helps ;-).
Oh, btw, if you want to spot any resident virus infections quickly, install
a tool called 'Etherape' on a machine that runs Linux. You'll spot an
infection as it will broadcast - it's quite well visible with Etherape (I
used it to detox a 30k global network where nobody had ever heard about
containment, planning and segmentation. Arrgh ;-).
Good luck.
-- Regards, /// Peter /// haz.20.cheroschicken@spamgourmetcow.com (remove animals from signature first)