Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?
From: "Geo." <geoincidents () getinfo org>
Date: Wed, 17 Mar 2004 13:22:29 -0500

Sorry to sound incredibly dense, but if the machine in question is never
being connected to a network does it really need securing/patching?

I never said a machine is never being connected to a network. There are lots
of places that in the interests of security require a machine to be fully
patched (perhaps even hardened) before it is allowed on either an internal
or external network.

This is not as rare as you might think, there are even some universities now
who in trying to deal with the flood of infected machines each time students
return from break are beginning to have requirements (some scan the
machines) you must meet before being given internet access. So the only way
to patch is to have a friend download the patches, burn a CD and then sit
there and apply them.

The problem with doing that is that it's not simply a matter of downloading
the latest service pack and latest rollup. Try it, get hfnetchk and go thru
patching a Windows 2000 machine without that machine being on the internet,
you'll go nuts. Even the stupid check tools assume you have the thing on the
net before it's patched.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]