Maybe it's time to experiment with IPSEC and a CA so that only domain member computers can get to any domain resources... It's something I have on my radar for this year. Secure the resources, and the network becomes empty hallways, with nowhere for a non-domain PC to go but out to the internet...
********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Thursday, March 03, 2005 6:29 AM > To: [email protected] > Subject: RE: [ActiveDir] worm/bot issues > > more often than I care for... > > i'm assuming, since my clients are patched and up to date, > that these are coming from people outside the company with > infected laptops and are spreading via weak or no passwords > on the local admin accounts on the client boxes. > My servers never get infected and all have strong local admin > passwords. > i think running a logon script to change all the local admin > passwords to something complex will help. > unfortunately we are a liquor distributor and we have > suppliers come in from other companies with laptops who want > to plug into out network for internet access. management > won't let me allot them a room that I can put on a locked > down vlan(though they are willing to invest $$ in the Cisco > Secure Access solution?!!), so i'm knda screwed on that point. > hopefully changing the passwords will help(unless you have > any other ideas) > thanks > > > > Douglas M. Long wrote: > > Tom, > > > > Am I wrong, or do you constantly have these worms/virus problems? > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > > Sent: Wednesday, March 02, 2005 10:51 AM > > To: ActiveDir (E-mail) > > Subject: [ActiveDir] worm/bot issues > > > > Hi all, i have users that keep getting infected with a worm Symantec > > calls "W32.Spybot.KHO". The thing keeps coming back unless > you disable > > file and print sharing. > > The thing I don't understand is that all my clients(winxp) > virus defs > > are up to date and they are all patched. I use SUS and push out > > patches on a regular basis. I even ran MS baseline security analyzer > > on the infected boxes and they come up good for up to datedness. > > I don't really understand how an up to date patched pc can become > > infected over and over. > > according to Symantec, the holes that this thing exploits, i've had > > covered awhile ago. > > is it possible to be patched and up to date and STILL get infected? > > is there anyway out of this quagmire? > > thanks > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
