
RE: [Full-Disclosure] "MS Blast" Win2000 Patch Download



I guess we just have a different approach to laptops and the corporate environment than others.  The only way a laptop can be plugged into our network is if it has been cleared by the IS department.  The MACs are recorded, and only recorded MACs can gain network access (Yes someone can spoof a MAC, but if a person savvy enough to do that has physical access to the network, you had better have good monitoring in place).  Each user-owned laptop has to meet certain criteria as far as software firewall and anti-virus software is concerned.  Since we issue most of the laptops to our users, they only have restricted accounts and cannot disable the firewall or antivirus software.  Even those with administrator access need a password to uninstall or disable the software.

Corporate security is an ever-changing, politically-challenged world to live in.  The bottom line is always the dollar.  When you have to expend extra resources to combat every new threat to security because of a lax security policy, you should document the real dollars associated with fighting the threat.  A VP sends a virus to the whole company because he let his kid use AOL on his laptop on the weekend?  Send his department the charge back for the clean up effort.  We did it here, and you would be amazed at how seriously departments regarded network security after that.



-----Original Message----- 
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] 
Sent: Thursday, August 14, 2003 2:56 PM 
To: James Patterson Wicks 
Cc: full-disclosure@lists.netsys.com 
Subject: Re: [Full-Disclosure] "MS Blast" Win2000 Patch Download 


On Thu, 14 Aug 2003 13:15:19 EDT, James Patterson Wicks <pwicks@oxygen.com>  said: 

>  If the environment is so bad that you cannot even do that, then you should 
> be surfing Monster.com for a new job rather than ranting at people on this 
> forum for offering sound suggestions to combat the problem. 

Well, the reason it attracted the rant was because the rant was right on point. 

> > It's probably worth mentioning even more that if you have 
> > port 135 blocked on your firewall, you wouldn't have to worry 
> > about it :( 

The point is that you *DO* still have to worry about it. 

I'm glad to see that both the author of this quote (attribution lost, sorry) and 
yourself, in your national enterprise that blocks port 135 at the border, have 
managed to implement *strict* security on laptops, guaranteeing that no machine 
ever connects to an outside network and then to an inside one in such a way as 
to possibly bring something in. 

There was mention made on one of the other lists that a site *HAD* blocked 135 
at the border before the worm even made an appearance, and were congratulating 
themselves on their foresight.  Two whole hours later, they were fighting an 
outbreak inside their network. 

Remember - all it takes is *ONE* laptop.... 




