[plug] MS vulnerability

Ben Jensz plug at jensz.id.au
Fri Aug 15 20:21:41 WST 2003


Craig Ringer wrote:

> Thanks for that info. I'm now adjusting my requirements for being 
> allowed to plug laptops into our network to require a personal 
> firewall as well as the existing "up-to-date, not crap, virus scanner" 
> requirement.

The things you don't think of happening.  In the 4 and a half years I've 
been working at this current place, we've only been infected by one 
other virus, and that was due to a couple of users not logging on 
(Win98) EVER (hitting cancel).  The updates were dished out via login 
script at that stage.

We haven't had a Windows server since just after I started (NT4 
Server).  The box got taken out by lightning (damn shame that eh? :) ).  
So we technically still do have a valid licence of NT4 Server (which was 
actually NT3.51 full version with NT4 server upgrade).

>
> I'd never even thought of a worm spread into a firewalled LAN by a 
> laptop. *sigh*. I wish I could make the rule "no, you can't plug it 
> in" but no such luck. Can most switches do vlans by MAC address, or 
> does it need to be done by switch port?
>
> Maybe I should set up a vlan to force laptops etc to route via the 
> gateway to talk to the rest of the network, too... 


It depends on what type of switches you have.

I've got two HP Procurve 2524s (one being the core switch) that have 
about 70% of the network plugged into them, but unfortunately due to the 
arrangement of multiple buildings we still have hubs in several 
offices/buildings.  So I'm in the situation of still not being able to 
limit people plugging into spare ports (in this case it didn't make any 
difference as it was a user that normally is plugged into the network).  
I'm hoping to buy a Procurve 2650 soon (which is 48x 10/100, 2x 
10/100/1000 and costs the same as we paid for the first 2524 we've got) 
as our core 2524 is full.  VLANs are definitely something I may think 
about once I get pretty much everyone switched so that perhaps bouts of 
stupidity will be limited to specific departments (i.e. management :P).


/ Ben



