Lessons From the Slammer
Richard Forno, 2003-02-05

January's Slammer infection held valuable lessons for all security stakeholders.

Lessons From the Slammer 2003-02-06
Villy.Madsen@Shaw.ca (1 replies)
What I would really like to know is
Why were affected systems visible to the internet on UDP port 1434 ??? Do organizations actually place their systems out on the internet with no protection at all ???
Or was it a case where there was some protection, but it didn't extend above that magic port 1...

Lessons From the Slammer 2003-02-10
Matt Ostiguy
You just needed one host exposed/brought in to infect huge LANs - see (allegedly) MSFT, HP, etc. If an infected laptop was put into hibernation (this particular nasty didn't write anything to disk - it goes away if machine is power cycled), and brought into a corp and placed behind the firewall, it ...

Lesson Number Four 2003-02-08
Nicholas Weaver (1 replies)
Human response can NOT stop Internet worms. Sapphire spread worldwide in 10 minutes, and we did not see people stopping it for 3 hours.

As for firewalls, it probably is that many firewalls are misconfigured when it comes to UDP, and a lot of others have the attitude of "That which is not explici...

Lesson Number Four 2003-02-11
Villy.Madsen@shaw.ca
My point exactly..

Misconfigured firewalls & poor security architectures...

Defense in depth means exactly that - You do the best you can with the resources you have available at each point.


A good architecture (network, security, server etc)
Boundary Routers
Firewalls
Hardened systems...

Lessons From the Slammer 2003-02-10
Anonymous
Small nitpick. It's Bellevue, Washington. Everyone at SF.com keeps forgetting the "e". I live right next to there so it's kind of annoying to see it misspelled all the time....

Copyright 2009, SecurityFocus