Firewall Wizards mailing list archives

Re: worm + VPN + firewall


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 17 Aug 2003 12:13:27 -0400 (EDT)

On Sat, 16 Aug 2003, Carric Dooley wrote:



I have worked with a client that started getting RPC scans from their VPN
range the day the worm was released. Luckily they had patched most of
their systems.

I agree that the VPN segment should be DMZ'd, but typically those users
have access to NetBIOS so they can map shares, etc. If you didn't patch,
you are hosed on this one. Lots of people didn't learn from Nimda.


Even many that tried to patch got slammed here, as the tools to determine
patch level and/or the success of application are not foolproof.  But
the biggest thing coming out from all the recent worms of the past 2
years or so that have struck the Windows platforms is how messed up the
whole patch process is in that realm!  Slammer showed that a patched
system could be made vulnerable again by simply installing new software,
or that even other patches might put the system back into high risk.  I'm
just glad it's not my headache!

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
