Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security? Real LANs[Scanned]
From: "James P. Saveker" <james () wetgoat net>
Date: Thu, 18 Mar 2004 19:23:13 -0000

Random letters said...

No,  but people do use their laptops outside the office. It can be quicker
to get infected than get either Windows or virus updates. When they bring
their laptop onto the LAN (either through VPN or physically) then they are
an internal source of infection that an external firewall can't filter. 
(Sh)It happens.

I do respect what you have said.  Yes indeed a weak point on many networks
are remote roaming users. However I am not sure I fully agree.  Let me
explain my thoughts...

Remote user takes laptop home.  This laptop must have a independent
application level and stateful firewall as it's being used from in front of
the corporate firewall appliance.  It will receive updates whilst connected
to the internet in respect to AV definitions.

In my environment when the remote clients VPN (via IP not dial up) into the
network there AV definitions are updated via HTTP before the client is
assigned an internal address from the DHCP server.

Now if a new virus infects this machine which the AV and firewall does not
stop then surely on the same premise the internal network in the company is
also still at risk, whilst also not being protected internally or indeed at
the perimeter.

So it very much an oxymoron is it not?  

So lets take this a little further.  Lets say that the laptop is not
connected to the internal network or indeed the internet and so does not get
any AV updates for perhaps a week.  The user slaps in a floppy or CDR with a
virus on it.  The machine is then infected.  The user unknowingly returns to
work and connects the machine to the lan.  The lan will be up to date in
respect to AV defs and therefore *should* not be affected.  Rather internal
AV systems will light up like xmas trees.

If neither the internal network or laptop is protected then yes, machines
are going to be raped.  However if that's the case then there not much hope

That's my five pence,

James Saveker

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

The information contained in or attached to this correspondence is intended
only for the use of the individual or entity to which it is addressed. If
you are not the intended recipient, or a person responsible for delivering
it to the intended recipient, you are not authorised to and must not
disclose, copy, distribute, or retain this message or any part of it. It may
contain information which is confidential and/or covered by legal
professional or other privilege (or other rules or laws with similar effect
in jurisdictions outside England and Wales).

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in the opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.

Attachment: smime.p7s

  By Date           By Thread  

Current thread:
  • RE: Re: Microsoft Security? Real LANs[Scanned] James P. Saveker (Mar 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]