Security Basics
Network Segregation to prevent spread of malware Jan 22 2013 05:33PM
tomright006 gmail com (2 replies)
Re: Network Segregation to prevent spread of malware Jan 23 2013 05:01PM
Vic Vandal (vvandal well com)
Re: Network Segregation to prevent spread of malware Jan 23 2013 12:07PM
Jerry Bell (jerry riskologist com) (4 replies)
Re: Network Segregation to prevent spread of malware Jan 24 2013 02:48PM
Sagar (sagarnseas gmail com) (1 replies)
Re: Network Segregation to prevent spread of malware Jan 25 2013 03:43PM
Alex Creek (acreek83 yahoo com)
Re: Network Segregation to prevent spread of malware Jan 23 2013 01:48PM
Dave, Manish, R. - ESIL \(MUM\) (Manish Dave essar com)
AW: Network Segregation to prevent spread of malware Jan 23 2013 01:43PM
Mohammad Ilyas (m ilyas itsecc com) (1 replies)
RE: Network Segregation to prevent spread of malware Jan 25 2013 01:47AM
Mohammad Ellyas Bin Hashim (ellyas hashim vads com)
Re: Network Segregation to prevent spread of malware Jan 23 2013 01:07PM
Rob (synja synfulvisions com) (6 replies)
RE: Network Segregation to prevent spread of malware Jan 24 2013 12:04AM
David Gillett (gillettdavid fhda edu)
Re: Network Segregation to prevent spread of malware Jan 23 2013 07:28PM
DaKahuna (da kahuna gmail com)
Re: Network Segregation to prevent spread of malware Jan 23 2013 07:12PM
Michael Peppard (mpeppard impole com)
Re: Network Segregation to prevent spread of malware Jan 23 2013 03:41PM
Steve Figures (sfigures gmail com) (1 replies)
RE: Network Segregation to prevent spread of malware Jan 25 2013 02:19PM
Mcmillan, Arlan (Arlan Mcmillan cityofchicago org)
RE: Network Segregation to prevent spread of malware Jan 23 2013 02:30PM
Daniel Buentello \(Corp - MEIMail\) (Daniel Buentello meitechinc com)
Win32.changeup is a good example of how malware can overcome network segmentation. It uses mapped drives to propagate to other areas of the network.

-Daniel B

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Rob
Sent: Wednesday, January 23, 2013 7:07 AM
To: Jerry Bell; listbounce (at) securityfocus (dot) com [email concealed]; tomright006 (at) gmail (dot) com [email concealed]
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Network Segregation to prevent spread of malware

Additionally, the services commonly used for worm propagation (RDP/TS, RPC, etc) are also used heavily for domain operations anyway.

For many environments this would be one step forward, two steps back in terms of security.

Rob
Sent on the Sprint(r) Now Network from my BlackBerry(r)

-----Original Message-----
From: Jerry Bell <jerry (at) riskologist (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Wed, 23 Jan 2013 07:07:25
To: tomright006 (at) gmail (dot) com [email concealed]<tomright006 (at) gmail (dot) com [email concealed]>
Cc: security-basics (at) securityfocus (dot) com [email concealed]<security-basics (at) securityfocus (dot) com [email concealed]>
Subject: Re: Network Segregation to prevent spread of malware

Hi Tom,

The answer is 'it depends', but probably no. If you are talking about a classic company network and dividing workstations into separate networks to prevent cross contamination, you have to consider the pivot points for most malware - email, file shares, etc, which can still allow malware to propagate between networks even if no traffic is allowed directly between them. Some kinds of malware, notably worms who propagate directly from one system to another via some kind of remotely exploitable vulnerability, would be contained by network segmentation, however those sorts of events are becoming increasingly rare (however when they do happen, they tend to be big events).

Jerry

Sent from my iPhone

On Jan 22, 2013, at 5:33 PM, tomright006 (at) gmail (dot) com [email concealed] wrote:

> Hello All,
>
> I need few tips on Network Segregation to prevent spread of Malware. Can I avoid Malware spreading from one network segment to another just by segregating network with access list or firewalls?
>
>
> Thanks,
>
> Tom
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Network Segregation to prevent spread of malware Jan 23 2013 01:49PM
Jeffrey Walton (noloader gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus