Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Microsoft Security, baby steps ?
From: Valdis.Kletnieks () vt edu
Date: Wed, 17 Mar 2004 13:00:32 -0500

On Wed, 17 Mar 2004 16:19:36 GMT, Jos Osborne <Jos () meltemi co uk>  said:
It doesn't address the issue. The requirement is that some MS customers need
to patch without putting the machine on the internet. For whatever reasons.

Is that such an unreasonable request?

Geo.

Sorry to sound incredibly dense, but if the machine in question is never
being connected to a network does it really need securing/patching?

Yes, it does.  Unless you have physical security in place to guarantee that *all* access
is from trusted users, you need to patch the box.

1) It may be going on a *corporate* network that doesn't have direct *internet*
connectivity.

2) Such things as standalone multiuser machines *do* exist - they need to be
secured as well.  Similarly for standalone boxes in non-secured locations - consider
the case of a PC-based cash register in a store...

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]