RE: Learn from history?

["Ferris, Robin" <R.Ferris () napier ac uk>]

Hi

A couple of things here that I wanted to comment on:

> 1.  Microsoft already provides that feature

Sure. Yo have no problem about running it automatically?

SMB generally arent worrie about running simething like WIndows Update
automatically, other than the fact that it uses bandwidth that they are
paying for. So there is a costs benefit analysis that needs to be done
there. There is also SUS which a lot of people have started to and are
deploying as we speak. I know for a fact that the norm in the UK higher
education sector is for SUS to be running.

> > > 2. If a patch cannot be installed, find workarounds
> > That does not work with the workarounds customer need to facilitate
> > life (security <> easy of use, remember)

Work arounds donmt have a place in any sort of open user environment
they take too much time to deploy and impose to many problems on the end
user and also need to be undone after the problem is fixed. Way way way
to much work there.

> > > 3. If it is a port-related threat, find out if such ports are 
> > > in use, and if not, make sure they are closed. 
> > Once the virus is on the LAN it can do whatever it wants.
>
> Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
> Also, do us a favor and don't propogate the shit!

What is all this rubbish about. Roughly 15% of all assests attached to a
networks around the world are unaccounted for!! So how are you meant to
protect yourself against them. Example - firewall blocking all ports,
some one comes in with a laptop thats infected and bobs your uncle you
left scratching your head wondering why your firewall didnt work. lmao
that mi friends is the soft center that the black hat looks for!!

Anyway just my 2 cents worth.

RF

-----Original Message-----
From: Serge van Ginderachter (svgn) [mailto:svgn () orbid be]
Sent: 06 May 2004 10:12
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Learn from history?







> 1.  Microsoft already provides that feature

Sure. Yo have no problem about running it automatically?

> 2.  As soon as possible for "you"

No. As soon as the customer phones asking you to drop by. Meanin: when
it's
too late.
 
> > > 2. If a patch cannot be installed, find workarounds
> > That does not work with the workarounds customer need to facilitate
> > life (security <> easy of use, remember)

> And the computers/networks will be so easy to use when lines 
> are saturated,
>  file systems are corrupted or data are stolen

That's the problem they are prepared to deal with at the moment it
comes.
They think it's cheaper.
 
> > > 3. If it is a port-related threat, find out if such ports are 
> > > in use, and if not, make sure they are closed. 
> > Once the virus is on the LAN it can do whatever it wants.
>
> Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
> Also, do us a favor and don't propogate the shit!

Well of course they are blocked. But there are other means of coming in
you
know.

> > > Some of the comments overheard this week regarding Sasser:
> > I did propose some firewall, but they feel it's too much EUREUREUREUR
>
> And you provided some sort of analysis showing potential losses due to
> the lack of a security infrastructure, right?  

Well indeed of course not. Customer is not prepared to pay for that kind
of
analysis. 
 
> > > Will they learn from history? Only history will tell.
> > I'm pretty sure they won't. Even most tech guys don't have a clue.
>
> Evidently, thanks for your example.

There's no reason to get personal here. Don't judge me on such a
restraint
discusion.
My only point is, SMB businesses are not prepared to pay for advanced
security, which you say I should provide, and to whick I totally agree. 

Maybe my boss does not have the right business plan and marketing to
'sell'
security. Probably.


Serge

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html