Thread: Portable App

  1. #11
    CybertecOne (Keeping The Balance) | Join Date: Aug 2004 | Location: Australia | Posts: 660
    You still did not quite cover MLF's questions

    What was executed ...with administrator privileges...on a server?? and how?

    What was the role of this server??

    How did the lack of an AV cause an infection?? It is a reactive approach?
    Both our servers are logged on with ADMINISTRATOR at all times. Don't ask me why. I believe it started duplicating files on a share that the marketing department uses and then just spread like wildfire.
    There is no problem with leaving a server logged on as administrator, in fact it can prevent a console remote login by another user (although security policies should be preventing this anyway)..... In saying that, if the server is left unattended, the user should lock the computer, requiring to enter the password again to access.

    Also, depending on software installed, it may need a user account logged on to work (Read: Application based feed Vs. Installed Service)
    Last edited by CybertecOne; October 27th, 2008 at 02:39 PM.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  2. #12
    Cider (Only african to own a PC!) | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Hi there,

    Well, my issue mainly with the AV on the server is that it did not pick it up.

    Will reply fully when I get home.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  3. #13
    CybertecOne (Keeping The Balance) | Join Date: Aug 2004 | Location: Australia | Posts: 660
    What is the specific AV Product?
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  4. #14
    Cider (Only african to own a PC!) | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Hey there guys

    The specific AV product is Panda for Enterprise. Basically this is a proactive and a reactive product. The malware was not in our signature file; however, Panda's technologies such as "TruPrevent", which is a deep code scan for behavior analysis, should have picked it up. This is my issue.

    EDIT: The server's role is it hosts a number of applications except our mail.
    Last edited by Cider; October 28th, 2008 at 12:00 PM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #15
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    If a shared directory on a server gets infected...there should be no way it affects the OS of the server unless the user\client that got infected had domain admin privileges...and still domain admin is not server admin.

    My point is the server should not have gotten infected if security is set correctly and it is patched.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #16
    dinowuff (THE Bastard Sys*****) | Join Date: Jun 2003 | Location: Third planet from the Sun | Posts: 1,253
    MLF, that is a very hard point to sell. For whatever reason the AntiVirus vendors have succeeded in scaring the hell out of companies. Even this latest RPC thing lends itself to the need for antivirus software. I still laugh at companies that spend 15k for antivirus licensing.

    I haven't run antivirus on a server (other than Exchange) in like 7 years. Been running Exchange without AV for the last two years.

    Vendors constantly want to speak to "management" when they find this out. "Management" explains that we have experienced zero down time due to virus or malicious software in going on 10 years now.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  7. #17
    Cider (Only african to own a PC!) | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    It probably was a shared directory - yes. There are about 3 of us with domain admin rights.

    Can you please explain to me how a shared directory on the server that got infected will not/cannot spread to the rest of data on that particular server? What is stopping a virus from spreading to a non shared folder or files?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #18
    Cider (Only african to own a PC!) | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Quote (originally posted by dinowuff):
    MLF, that is a very hard point to sell. For whatever reason the AntiVirus vendors have succeeded in scaring the hell out of companies. Even this latest RPC thing lends itself to the need for antivirus software. I still laugh at companies that spend 15k for antivirus licensing.

    I haven't run antivirus on a server (other than Exchange) in like 7 years. Been running Exchange without AV for the last two years.

    Vendors constantly want to speak to "management" when they find this out. "Management" explains that we have experienced zero down time due to virus or malicious software in going on 10 years now.
    Hi there,

    I am very intrigued by this comment/s of yours. Please explain to me in detail how the hell you are protecting your company with no AV packages running? Running Exchange 2007 I presume. Please explain.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  9. #19
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    You should really read this.


    http://technet.microsoft.com/en-us/l.../cc163140.aspx

    I have not had a realtime virus scanner on my server in years.....we do real time scan mail and clients. Absolutely 0 downtime due to a virus in 8 + years. Also our mailserver strips certain attachments.

    No one runs as domain administrator on a day to day basis....if admin duties need to be performed ...the domain admin account is used...and then logged off and relogged in as a domain user.

    If a domain administrator account becomes compromised you risk your whole network!

    Also...you can restrict access to shared folders through permissions. I am sure say production or sales users don't have access to finance folders or other users' folders....or do they???
    How people treat you is their karma- how you react is yours-Wayne Dyer
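
Added example, not part of any post in this thread: the point above about restricting shared folders through permissions, written as a PowerShell audit that lists shares a broad group can write to at the share layer or the NTFS layer. It assumes the SmbShare module (Windows Server 2012 or later) and an elevated session; the `$broad` list and the `$findings` variable are names chosen for this example.

```powershell
# Added example: list SMB shares on this server that a broad group can write to.
# Assumes the SmbShare module (Windows Server 2012 / Windows 8 or later); run elevated.

# Principals that cover most or all users. Assumption: add your own
# "<DOMAIN>\Domain Users" entry to this list.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

$findings = foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {

    # Layer 1: share permissions (Full or Change lets a client write).
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ([string]$ace.AccessControlType -eq 'Allow' -and
            [string]$ace.AccessRight -in 'Full', 'Change' -and
            $ace.AccountName -in $broad) {
            [pscustomobject]@{
                Share     = $share.Name
                Layer     = 'Share'
                Principal = $ace.AccountName
                Rights    = [string]$ace.AccessRight
            }
        }
    }

    # Layer 2: NTFS permissions on the shared folder itself.
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            $canWrite = ($ace.FileSystemRights -band
                [System.Security.AccessControl.FileSystemRights]::WriteData) -ne 0
            if ([string]$ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $ace.IdentityReference.Value -in $broad) {
                [pscustomobject]@{
                    Share     = $share.Name
                    Layer     = 'NTFS'
                    Principal = $ace.IdentityReference.Value
                    Rights    = [string]$ace.FileSystemRights
                }
            }
        }
    }
}

# Effective access is the more restrictive of the two layers, so a share that
# appears under both 'Share' and 'NTFS' is the one to fix first.
$findings | Sort-Object Share, Layer | Format-Table -AutoSize
```

The script reads Allow entries only; it does not evaluate Deny entries or nested group membership, so treat an empty result as a first pass rather than proof that a share is locked down.
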

  10. #20
    dinowuff (THE Bastard Sys*****) | Join Date: Jun 2003 | Location: Third planet from the Sun | Posts: 1,253
    Quote (originally posted by Cider):
    Hi there,

    I am very intrigued by this comment/s of yours. Please explain to me in detail how the hell you are protecting your company with no AV packages running? Running Exchange 2007 I presume. Please explain.
    WOW Now that's a request!

    First off read the link MLF provided.

    Second, I use CISCO products not ISA so there is a difference there.

    Third MXLogic

    Fourth Websense

    Now I must say that I only patch things that I allow on my network. I DO NOT RANDOMLY PATCH EVERYTHING THAT COMES DOWN THE PIPE! Make that your #1 rule

    I do not allow ICMP in or out of the network unless it's port 25. Which means I can't even do a tracert to you from my workstation (USE DNSSTUFF instead)

    I deny all but email traffic. 80 and 8080 are on a separate vlan. Many CiOS rules there.

    NO ONE has admin or power user rights. Many AD policies modified so users can still configure their bells and whistles.

    If MXLogic is down or unavailable, I do not receive any email

    If Websense is down NO INTERNET ACCESS for anyone

    All end point devices (even remote users) must use MY equipment, and MY gateway. Again AD rules.

    No bootable USB devices. Only administrators can boot from CD

    Only the one mail server has a gateway. THERE ARE NO INTERNET GATEWAYS on my servers. Servers are locked with a domain account. And in a secure data center.

    Layer 3 SNMP traps and mac filtering enterprise wide

    The bottom line theory is do all your scanning - filtering either off the network or on the other side of the gateway.

    End point security and layer 3 threats are #1.

    Don't allow remote access ssl or rdp to a server unless you are 100% sure security is set correctly. If remote control is not needed, uninstall the service. DO NOT DISABLE uninstall. A service or program cannot be exploited if it is not installed.

    Research windows 2008 and M$ Virtual server.


    DO NOT INSTALL VISTA ANYWHERE ON YOUR NETWORK

    That's just the tip of the iceberg.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
