Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 18 Mar 2004 23:13:42 +1300

"Full-Disclosure" <fd () weevers net> wrote:

In an corporate environment, you will have SUS or SMS running.
If so, no need for internet access.

But, need for general network access to get to those machines.  thereby 
breaking the "no general network access until secure" rule.  You could 
have a second SUS/SMS setup mirroring the configs off the general 
netowrk ones and only allow that to synch off the general one when the 
test/setup network is not being used for anything else _and_ no 
"unfinished" boxes are attached to the test/setup network.

Also, in other "institutional" environments that are nmot strictly 
"corporate" that distinction can be _very_ hard to meet for such a 
setup (e.g. universities and the like).

If you don't have this, just place a firewall on the box, or before the
How hard can this be ? You do it the same way, as you would do before
would patch debian/*bsd/gentoo/ect/ect/ect.

Yeah, yeah.

It's easy to decide the level of exposure _you_ are comfortable with 
and I was not saying tat everyone should do it that way, just that that 
was a valid set of restrictions to have to work under.

There is no real problem here. Don't blame microsoft if you can't come
up with solutions to simple security "problems".

I was not blaming them for that.  I was balming them for their own 
failure (much like yours) to think outside their own level and realm of 
experience and/or their faiulure (much like yours) to acknowledge that 
there could be situations where the solution they were comfortable with 
was not acceptable.

Think outside the box dude -- oh wait, it seems you cannot see it, so I 
guess that is asking too much of you...


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]