FW: Worms versus Bots

Daniel Senie dts at senie.com
Tue May 4 17:01:42 UTC 2004


At 12:35 PM 5/4/2004, Smith, Donald wrote:
>Daniel I agree a nat/firewall/router with acl's ... will all help
>prevent windows compromises.
>I believe security in depth is an essential element of any good security
>system.
>
>The goal of this document is help new XP users survive long enough to do
>their updates.
>Many of them can't/won't put up ACLs/NAT/firewalls.

Note that I said "have this NAT box in your bag." My suggestion is that 
this be used during installation.

Is $50 too high an extra expense to suggest people just buy one with the 
machine, and use it as a tool for doing installations? That's what I was 
suggesting.

For the money, this is FAR better protection than that provided by the 
document.

>... but if they follow the steps listed they have a better chance of
>successfully downloading and updating their new machine than they will
>have WITHOUT these steps.
>It is not meant as a complete XP hardening document. There are lots of
>documents that discuss in detail how to harden
>windows (xp,nt,2k...).
>
>Donald.Smith at qwest.com GCIA
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
>pgpFingerPrint:9CE4 227B B9B3 601F B500  D076 43F1 0767 AF00 EDCC
>kill -13 111.2
>
> > -----Original Message-----
> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On
> > Behalf Of Daniel Senie
> > Sent: Tuesday, May 04, 2004 9:39 AM
> > To: Sean Donelan
> > Cc: nanog at merit.edu
> > Subject: RE: FW: Worms versus Bots
> >
> >
> >
> > At 10:54 AM 5/4/2004, Sean Donelan wrote:
> >
> > >On Tue, 4 May 2004, Smith, Donald wrote:
> > > > If you follow these steps outlined by SANS you should be able to
> > > > successfully update and NOT get infected. This is short,
> > easy, fully
> > > > documented (with pictures :)
> > > > http://www.sans.org/rr/papers/index.php?id=1298
> > >
> > >The risk is smaller, but still exists if you follow these directions
> > >for XP pre-SP2.  See the Microsoft release notes for XP SP2
> > for details
> > >about the fix.
> > >
> > >If you do not have XP SP2, you need to disconnect your computer from
> > >the network prior to every boot cycle until it is fully patched.
> >
> > A much simpler mechanism than that described by SANS is to have a small,
> > cheap NAT box in your bag (e.g. D-Link DI-604 or similar). Worth the $50
> > cost to have one available. Put the little router between the new machine
> > to be brought up and whatever network you have access to. Now you can bring
> > up the new machine and update it without having it get instantly infected.
> > (Use some common sense... don't set up email until the machine is patched,
> > or use any other sort of mechanism to pull in potential viruses before
> > patching is done).
> >
> > (To deflect the inevitable "NAT is not a firewall" complaints, the box is a
> > stateful inspection firewall -- as all NAT boxes actually are).
> >
> >
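The point argued in the quoted message, that a cheap NAT box shields an unpatched machine because it forwards inbound packets only when they answer a connection the inside host opened, can be shown with a small connection-tracking model. The code below is an added example written for this archive page; it is not from the NANOG thread or from any router vendor. Addresses, ports and the packet sequence are constructed sample data, and the model assumes an address-and-port-restricted mapping (a reply is accepted only from the peer the inside host contacted); real consumer routers differ in how strict that check is.

```python
"""Toy model of the stateful filtering a consumer NAT router performs.

Added example for this thread, not code from the NANOG post or from any
router vendor. A translation entry is created only by outbound traffic,
and inbound packets are forwarded only when they match an existing entry,
so the update download works while unsolicited worm probes are dropped.
Addresses, ports and the packet sequence are constructed sample data; the
address-and-port-restricted mapping is an assumption about the router.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

INSIDE_HOST = "192.168.0.10"     # the new, unpatched machine (constructed)
WAN_ADDR = "203.0.113.7"         # the router's public address (constructed)
UPDATE_SERVER = "198.51.100.20"  # stands in for an update server (constructed)
SCANNER = "192.0.2.99"           # an infected host probing the Internet (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN


class NatFirewall:
    """Connection-tracking NAT: state is created by outbound packets only."""

    def __init__(self, first_public_port: int = 40000) -> None:
        # outbound 4-tuple -> public port the router allocated for it
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote addr, remote port) -> (inside addr, inside port)
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        self.next_public_port = first_public_port

    def handle(self, pkt: Packet) -> Optional[Packet]:
        """Return the translated packet to forward, or None to drop it."""
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.outbound:
                public_port = self.next_public_port
                self.next_public_port += 1
                self.outbound[key] = public_port
                self.inbound[(public_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            return Packet(WAN_ADDR, self.outbound[key], pkt.dst, pkt.dport, "out")

        # Inbound: only packets that answer an existing outbound flow pass.
        entry = self.inbound.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None  # unsolicited: no state, so the packet is dropped
        inside_addr, inside_port = entry
        return Packet(pkt.src, pkt.sport, inside_addr, inside_port, "in")


def simulate() -> Dict[str, str]:
    """Run a constructed packet sequence and report each verdict."""
    fw = NatFirewall()
    verdict = lambda p: "forwarded" if p is not None else "dropped"
    results: Dict[str, str] = {}

    # 1. The new machine fetches updates over HTTP; this creates state.
    out = fw.handle(Packet(INSIDE_HOST, 1025, UPDATE_SERVER, 80, "out"))
    results["update_request"] = verdict(out)

    # 2. The server's reply matches that state and is forwarded inside.
    reply = fw.handle(Packet(UPDATE_SERVER, 80, WAN_ADDR, out.sport, "in"))
    results["update_reply"] = verdict(reply)

    # 3. A probe to the SMB port on the public address has no state.
    results["probe_445"] = verdict(
        fw.handle(Packet(SCANNER, 3344, WAN_ADDR, 445, "in")))

    # 4. Even a packet aimed at the mapped port is dropped if the peer differs.
    results["wrong_peer_on_mapped_port"] = verdict(
        fw.handle(Packet(SCANNER, 80, WAN_ADDR, out.sport, "in")))
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

The fourth case is where "NAT is not a firewall" objections usually come from: a router that accepts any inbound packet to a mapped port regardless of sender is more exposed than one that checks the remote address and port as well, which is why the thread's advice to keep email and other inbound-pulling services off until patching is done still matters even behind the box.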
More information about the NANOG mailing list