Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?[Scanned] [Scanned] [Scanned]
From: "Curt Purdy " <purdy () tecman com>
Date: Thu, 18 Mar 2004 15:52:28 -0600

James P. Saveker wrote:
(Guess who's come across waaay too many boxes that the owner didn't know
were compromised because the box knows how to say "You've got Mail!" but
doesn't know how to say "You've got Malware!" ;)


I have seen companies running SBS and using ISP mail accounts when exchange
is part of SBS, madness!  Also they have not got ISA configured correctly,
assuming correctly does not involve a rules allowing all traffic from all
sources to flow bi-directionally.  People that set up servers like that
should be shot, or at least not allowed to practise as consultants.

Personally, I think anybody who sells and setsup a business with SBS should be shot.  Starting with SBS4, it's been a 
piece of crap.  Now to add insult to injury, they put ISA server in there and force you to put your firewall on the 
same box your database server is on.  By license, you cannot put it on a seperate box if you wanted to.  Another sign 
of the total cluelessness of MS on security.

Information Security Engineer
DP Solutions

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House cybersecurity adviser Richard Clarke 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]