[plug] MS vulnerability

indy at THE-TECH.MIT.EDU
Fri Aug 15 17:29:35 WST 2003


It's probably not practical to make any changes immediately,
but it's worth considering some architecture tweaks by the sound of it.

Vlanning laptops off can be tremendously beneficial,
especially since you seem to have the other bases covered,
thus it's your major remaining vulnerability.

Indy


On Fri, Aug 15, 2003 at 05:20:55PM +0800, Ben Jensz wrote:
> About half of the computers at my work got infested with the .B variant 
> of Blaster.
> 
> It didn't make it in past the firewall, web or via email.  It came in 
> through the one way I wasn't expecting.  A certain user decided to take 
> their laptop home and dial-up with BigPond directly to the internet 
> without a firewall (don't even get me started) and started getting the 
> RPC errors with their computer shutting down every 10 minutes, but of 
> course they didn't come and ask before plugging it back into the network 
> the next day.  It took probably no more than a minute from the person 
> plugging it in until I pulled the core switch and half of the machines 
> were infected.
> 
> We don't have a Windows server (and still have no intention of getting 
> one), so updating of Windows without Microsoft's Software Update 
> Services (SUS - which only runs on their server OS, not even a 
> left-on-all-of-the-time XP Pro box could be used) is almost a full time 
> job in itself, so it gets done every couple of months.  Also the 
> anti-virus we use didn't get updated for the variant we got until the 
> same day we got infected (it was available about an hour before we got 
> it, so auto-update didn't pick it up in time).  My work computer didn't 
> notice a thing though as I was running Mdk9.1 at the time :)
> 
> Laptop users really are annoying, had the same person get two laptops 
> stolen in the space of 6 months and another one brings a diseased one in 
> and infects the desktops.... *sighs*
> 
> 
> / Ben
> 
> 
> Randal Adamson wrote:
> 
> >As for NT4, M$ had stopped supporting it a while ago. 2K will eventually
> >follow suit now 2K3 (2003) is out. Who knows how long they will support
> >2K for.
> >
> >For all other (newer versions), all people have to do is:
> >
> >1)	Ensure they have applied the current security patches and fixes
> >from M$
> >2)	Use a Firewall between their PC's and the Internet
> >3)	Have the latest Virus Definitions with their Anti-Virus Software
> >
> >Or:
> >
> >1)	Use Linux
> >
> >:P
> >
> >I know what I'd choose!
> >
> >Cheers,
> >
> >Ranz
> >
> >  
> >
> 

-- 
Indranath Neogy
<indy at the-tech.mit.edu>


