Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?[Scanned]
From: "James P. Saveker" <james () wetgoat net>
Date: Thu, 18 Mar 2004 14:44:33 -0000

Random Letters said....

1. Home users - don't have adequate protection and get turned into zombies. 
They then bombard us. OK - this is dealt with by an externally facing
firewall but see #2 below.

2. Office workers with laptops or VPN connections to the internal LAN - get
'infected' (see #1 above) and then connect to the internal LAN. They then
bombard any newly set-up PC before we get a chance to patch it. BTW you
still have to connect to a network if you have a SUS or SMS server.

By saying see #1 above you are comparing a corporate laptop to a home
computer?  Or are you suggesting that sysadmins should allow remote users to
come in from any phone line/IP and or public computer.  The thought of
allowing machines that do not belong to the company on the internal network
does seem like suicide.  

Also SMS(bits update) and SUS are not designed to bring machines up to date
from gold install editions.  That should be done by slipstreaming updates
onto install cd's and preferably in a corporate environment you are not
going to be installing lots of machines from disks so the same principal
should be applied to your RIS server or albeit image multicasting server.

The "need to patch before I put it on the network" / "need to put it on the
network to get the patches" IS a real problem for many sysadmins.

Why?  They must not be keeping there install images up to date.  "need to
put it on the network to get the patches" ; well that's just not true.

That's my five pence,

James Saveker

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in the opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.

Attachment: smime.p7s

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]