Code Red Reminder

[eric . laney]

This message came out from our Microsoft rep to our IT management team.  I
figure it's worth passing on for those of you who may have similar
situations.

     Microsoft is concerned that you may have most of your resource
focusing on preventing Code Red from coming through their Internet
gateways, while forgetting other major methods of infection.

     Windows 2000 Professional on laptops usually has hibernation
enabled. If Personal Web Server (which is IIS) is installed, and the
laptop gets connected to the Internet from home or another company's
office, it can easily become infected. Since its memory resident, if
hibernation is used during travel back to the office, as soon as the
machine is brought up it can start emitting attacks on your internal
network.

This is true for all variants known to date.

     So don't believe your internal network is secure just because
you block port 80 at your router/firewall. More than a few internal
networks have been infected with Code Red, likely for this reason. If
Code Red has access to a LAN to propagate, it doesn't take long for it
to saturate it.

     Also remember your VPN connections, both your own employees and
any you might have with partners. They often work both ways, more often
than not with only a little filtering (if at all). Home workers might
very well have several computers behind their NAT's gateway, all may
also be able to pump traffic out the VPN (depending on how its
configured). Scanning your own internal address space may not be
sufficient to identify all of possibly infectable machines.

     Is little Johnny's computer (W2K Pro?) at the CEO's home
continually re-infecting your internal network over daddy's VPN?

     Time to take stock of all of the possibilities...it might even
help you get some of your policies effected!

|----------------------------+--------------------------------------------|
|Eric A. Laney               |You will be the victim of a bizarre joke.   |
|Systems Engineer            |                                            |
|LAN Optimization Team       |                                            |
|Verizon Data Services       |                           - Today's Fortune|
|Voice: 813.978.4404         |                                            |
|Pager: 888.985.8519         |                                            |
|----------------------------+--------------------------------------------|





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-community@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists