-
July 17th, 2003, 07:50 PM
#11
mohaughn- was that an accident or did you just feel it was worth repeating?
I agree that blocking at the firewall is not "sufficient". There were articles earlier this week about how remote users are one of the weakest links to corporate information security for the reasons you cited.
I think that since there IS a patch for this, it may as well be tested and applied.
However, because of MS03-010- for which there is NO patch for NT- you are still vulnerable to other flaws and should block the external ports to minimize your exposure until you can replace or upgrade NT.
-
July 17th, 2003, 08:10 PM
#12
That was a mistake.. I have no idea why it posted my comment twice.. it has been corrected...
I also have just received word from some of my counterparts in our security group that there is a rumor going around that a worm that exploits this vulnerability may already be propagating, or soon will be... Of course this may just be a security group creating some FUD to make sure the patch gets deployed.. but these guys normally come into information before it makes headlines.
I am normally really against using a patch that was just released, but in the case of this one.. I think everyone should make sure to apply the patch...
-
July 17th, 2003, 08:52 PM
#13
Mohaughn - Very good point, security in depth should always be implemented.
Some options on the home users would be to
1. make a personal firewall (or better yet a distributed firewall like the F-Secure one is) mandatory on all VPN machines.
2. This is more expensive, but we issue anyone who is working via VPN a laptop that (via business rules) can only be used for telecommuting to work. These laptops are the only things we allow on the VPN.
Who is more trustworthy than all of the gurus or Buddha’s?
-
July 21st, 2003, 03:01 PM
#14
Everyone's correct
RPC sucks and still all the patched versions of Windows 2000 and XP are vulnerable.
PSSSS...., an exploit causes a buffer overflow and shows the famous read error, this could be exploited remotely to bind a shell to a port so beware, only if you know what I am saying.
Best is to seal the port 139 or configure your firewall to drop certain (hmm..) packets.