|
|
Focus on Microsoft
RE: Browser Vulns Jul 14 2004 03:27PM Eric McCarty (eric lawmpd com) (1 replies) RE: Browser Vulns Jul 17 2004 02:09AM Laura A. Robinson (laurarobinson earthlink net) (2 replies) RE: Browser Vulns Jul 19 2004 06:39PM Harlan Carvey (keydet89 yahoo com) (1 replies) |
|
Privacy Statement |
practices" of Egress filtering. Anyone have [besides going down the
IANA port listing] a rogues gallery of ports that need to be proactively
blocked? Going down the Snort rule database would probably be a start,
too I guess... ;-)
[I would argue that the incident has occurred and blocking the ports is
just putting a tourniquet on the wound..but ....I digress...
Susan
Laura A. Robinson wrote:
>Just out of curiosity, how many (few) users do you have that this is a
>workable approach? And wouldn't ingress/egress monitoring be more effective
>than poking at cookies?
>
>Laura
>
>
>
>>-----Original Message-----
>>From: Eric McCarty [mailto:eric (at) lawmpd (dot) com [email concealed]]
>>Sent: Wednesday, July 14, 2004 11:27 AM
>>To: James Bowman; focus-ms (at) securityfocus (dot) com [email concealed]
>>Subject: RE: Browser Vulns
>>
>>I prefer Choice E : Education
>>
>>Tell your users what to do and not do, then run desktop
>>auditing software to review browser/cookie history to see
>>violators of the policy and take appropriate action.
>>
>>Patching wont help if no patch exists. Check out Pivx for choice B.
>>
>>Eric
>>
>>-----Original Message-----
>>From: James Bowman [mailto:jim (at) drexel (dot) edu [email concealed]]
>>Sent: Tuesday, July 13, 2004 9:11 PM
>>To: focus-ms (at) securityfocus (dot) com [email concealed]
>>Subject: Browser Vulns
>>
>>
>>
>>
>>Posing a question to Security Managers regarding the massive
>>attention now on browser vulnerabilities.
>>
>>
>>
>>How are you reacting (if at all):
>>
>>A: Patching
>>
>>B: HIPS / HIDS
>>
>>C: Content filtering via proxy
>>
>>D: Other...
>>
>>
>>
>>For those choosing B:, how is your flavor of HIPS / HIDS faring?
>>
>>For those choosing C:, what is working for you, and for
>>either B: or C:, is it signature or PAD based?
>>
>>
>>
>>JB
>>
>>
>>--------------------------------------------------------------
>>-------------
>>--------------------------------------------------------------
>>-------------
>>
>>
>>--------------------------------------------------------------
>>-------------
>>--------------------------------------------------------------
>>-------------
>>
>>
>>
>
>
>-----------------------------------------------------------------------
----
>-----------------------------------------------------------------------
----
>
>
>
>
--
http://www.sbslinks.com/really.htm
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]