RE: Your opinions on spyware, adware, spam, etc. and dealing with them
From: "Kevin Doheny" <kdoheny () CNP net>
Date: Thu, 30 Jun 2005 13:21:04 -0400
A quick point:
1st - Prashant - the American Constitution does not apply to other countries.
You are right on the money. FD is the only way to level the playing field... Even if sploit code was not made
public... many ....of.... us would have no problem getting hold of it - one way or another. So I say, in a world of
rampant code reuse, slack coding standards, etc... spread the code... implement smart security and prosper.
From: Prashant Meswani [mailto:prashant.meswani () ukonline co uk]
Sent: Wed 6/29/2005 4:07 PM
To: 'Joe George'; security-basics () securityfocus com
Subject: RE: Your opinions on spyware, adware, spam, etc. and dealing with them
What I am about to say is not an attack on your comments, so I hope that it
isn't taken that way.
Would you want someone to hack / crack into your network and steal all your
data, or would you feel safer knowing that your data is safe? Is it ethical
for a hacker / cracker to break into your network and steal your data with
your knowledge? You could cite the first amendment of the American
Constitution, but how far does that go in terms of overseas protection?
How far does one have to go to protect one's network? There is no hard or
fast rule on this from what I understand. Part of the answer, I believe, is
to educate staff and to ensure that the Security policy IS enforced.
There is an appliance called Bluecoat (which is not an intentional plug as I
don't work for them) that when configured correctly, prompts the user (who
will have their systems configured to point to it for Internet access) to
accept the AUP before they use the internet, and if they breach it, a
notification is sent to their superiors. The staff will get a warning from
their superiors. In terms of how to stop threats....it's down to education
and enforcement as well as having the right kit. To protect against external
initiated intrusion, that is purely down to firewall policies as well as
having an IDS (which is, depending on your definition, correctly configured)
installed on your network at every entry point. Having network based Virus
and IDS scanning devices should be crucial to defending against many threats
(I use many as some threats are physical and social based).
I know what I have said doesn't make complete sense and doesn't go far to
answering your question thoroughly, but I hope that someone can either
correct me or extend on what I have mentioned above.
Prashant Meswani, CEH
The opinions expressed in this email are my own and do not
represent those of any organisation or associations to which I belong
unless stated otherwise.
From: Joe George [mailto:j.george () conservation org]
Sent: 29 June 2005 16:50
To: security-basics () securityfocus com
Subject: Your opinions on spyware, adware, spam, etc. and dealing with them
It has been very informative and helpful hearing your opinions. I'd
like to ask you all what are your thoughts on the various anti-security
threat software that is available out there? I've read many articles
and tried out many such as spam filters (SpamAssassin, Postini
products, Brightmail) anti-spyware apps like Xoftspy, Spybot,
MS-antispyware, Ad-aware, along with a myriad of others. Some indeed
work better than others, and it is clear that it is necessary to use
more than one in a lot of cases. It seems though, that malware evolves
with the software used to remove it. At one point, I felt I saw a light
at the end of the tunnel.
Implementing a security policy, restricting local admin access in
Windows environments along with implementing IDS, managed anti-virus
software, blacklists, and so forth work very well, but that doesn't mean
intrusion can't take place. Do you all feel it is a never-ending
battle? What do you all feel is the next step in combatting MalWare?
How do you all feel about Federal authorities enacting legislation?
What do you think are the moral and ethical implications? I have had
these questions on my mind awhile, and I just wanted to get your thoughts.
Thank you in advance for your input!