Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: The Morris worm to Nimda, how little we've learned o r gained

RE: The Morris worm to Nimda, how little we've learned o r gained

From: Behm, Jeffrey L. <BehmJL_at_bvsg.com>
Date: Thu, 3 Jan 2002 17:04:38 -0600

>At the very least, jobs should be on the line when companies are
compromised by code
>that could have long been prevented by patching of applications and OS's,
>especially when those patches have been widely available and publicly
>announced. Even an arson victim faces penalties if they have violated

I agree with your article as a whole, but take minor exception to the above
paragraph.

Is the job on the line if there are no or very little resources available to
test the patches?
I don't think you aren't suggesting blind application of all security
related patches released from a given vendor, so how does one decide which
are the "real" ones to apply, and which are the "ones we don't really need."
It's the old adage of "apply patches and take a chance of breaking
something" vs. "don't apply the patch until you are sure you need it" (but
how are you "sure"?)

I.E. Is my job on the line if I apply a patch and it causes more damage (due
to my own corporate implementation) than the issue it was supposed to fix?

I will give you that there are some patches that one should apply due to the
severity of the consequences of not applying it (BIND, Sendmail, and
others). My point is that if the company is not willing to provide the
resources (time, hardware, people) needed to properly test the patch(es),
the job should not be "on the line."

A minor point, perhaps, but with the lack of skilled security admins, and
unwillingness of companies to provide adequate resource to security
infrastructure (including patch testing), I don't think all the blame lies
on the ones that "should have known the patches needed to be applied."

IMHO (and no flame nor offense intended!),
Jeff

Statements made are my personal opinion and in no way reflect the views of
any company, corporation, or business.

>-----Original Message-----
>From: R. DuFresne [mailto:dufresne_at_sysinfo.com]
>Sent: Thursday, January 03, 02 3:11 AM
>To: firewall-wizards_at_nfr.net
>Subject: [fw-wiz] The Morris worm to Nimda, how little we've learned or
>gained
>
>
>
>
> The Morris worm to Nimda
> how little we've learned or gained
>
>
> by: Ron DuFresne
> (c) 2001
>
>
>
>
>2001 was a tumultuous year. Prior to the September 11 airline
>attacks on

<snip>
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Jan 04 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]