Firewall Wizards mailing list archives
Re: Worms, Air Gaps and Responsibility
From: jseymour () LinxNet com (Jim Seymour)
Date: Thu, 6 May 2004 17:05:55 -0400 (EDT)
Devdas Bhagat <devdas () dvb homelinux org> wrote:
On 06/05/04 10:34 -0400, Paul D. Robertson wrote:
[snip]
I understand where you're coming from, I'd just like to see us all make more coordinated and extensive efforts to revisit the "connectivity trumps all" mantra.

Let me ask a harder question: How do you get the horse to drink? Connectivity shows profits in the balance sheet. Security shows up as expenses. Lack of downtime does not show up.
I don't give management options. Or, more accurately, the only options I give them are ones with a level of security with which I'm comfortable. "Comfortable" == I take *personal* ownership of its functionality and its security, 24x7x365. If they should happen to discover, through no fault of my own, there's a "cheaper," less-secure way, and they want to force me to implement it: Fine. I'll do it. But when the wheels fall off (not "if," but "when"): Don't be callin' *me* in the middle of the night, over the weekend, or while I'm on vacation, cryin' about it.
[snip]
Note that having one cheap administrator dedicated to cleaning up viruses often works out cheaper than having an antivirus everywhere and kept up to date.
[snip]

My work domain isn't all that big, but even *I* can't agree with that. I've seen cases, on MS desktops/laptops, of viruses/worms/trojans or spyware that took literally *hours* and *hours* to eradicate. Just on one machine. Theoretically, one could image the "official desktop" and, when something really ugly like that reared its head, simply wipe the install and drop the new image on the box. Of course, when you've a typical environment, with everything from Win95 to WinXP Pro, and a mix of hardware that's even more varied, that's not practical.

Strong perimeter defense. Reasonable internal defenses where you can. (E.g.: At internal "border" points.) Strong user education. Shun typically exploit-prone client apps. Keep the A/V and spyware stuff up-to-date. Keep the patches up-to-date. That is the order in which I rate the importance of my defenses.

We've had one (1) get past us in the last five years. No, make that two. The first was imported the good old way: On a floppy or a CD-ROM, from a trusted partner firm. The person who let it into his computer didn't like to run A/V software. (That problem has been solved.) It didn't get far at all.

The second, more recent, was MyDoom. That was *pure* happenstance. It came in .zip file form, it came from somebody somebody knew, *and* the target at work was expecting an emailed attachment from that specific person. It didn't get far, either. (Luckily, it arrived late. Most of its internal targets had shut-down/logged-off for the afternoon. I was able to stop it in its tracks by the simple expedient of killing smtpd and pop*d, sanitizing the mail spool and then putting up the appropriate internal filters before firing-up the daemons again. Lucked-out on that one, I did ;).)
--
Jim Seymour                  | Spammers sue anti-spammers:
jseymour () LinxNet com      | http://www.LinxNet.com/misc/spam/slapp.php
http://jimsun.LinxNet.com    | Please donate to the SpamCon Legal Fund:
                             | http://www.spamcon.org/legalfund/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards