We use PIX firewalls. As Todd said, the idea is to block everything by default, then open up what you specifically need. Then you just have to keep up with the critical patches for the services you have open.
As far as I know, no exploit has come out sooner than a month after a patch for the security hole was released. That will likely change in the future, so patch/update management is going to become a much more onerous task than it already is. Anything we can do to minimize the security risks up front, we should. It may even become necessary to start applying patches automatically in the future, but this is a dangerous policy at present.

Darin.

----- Original Message -----
From: "Todd Hunter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 22, 2004 6:08 AM
Subject: Re: Re: [Declude.JunkMail] BlackIce

Sorry to hear about your troubles. We keep everything closed and only open the port for each specific IP that we need. We don't use the PIX so I am not familiar with them, but security should be at the edge of your network in your firewall. If set up properly you should not need the BlackIce.

Todd

At 11:44 AM 3/22/2004 -0500, you wrote:
>Have one.
>PIX.
>
>Problem is we had port 4000 open, thought it was harmless.
>
>----- Original Message -----
>From: "Todd Hunter" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Monday, March 22, 2004 5:13 AM
>Subject: OT: Re: [Declude.JunkMail] BlackIce
>
> > If you have 16 servers then you need to invest in a real firewall. You can
> > get a good hardware firewall for $900 - $3000.
> >
> > Look at:
> >
> > www.sonicwall.com
> > www.servgate.com
> >
> > The ServGate Edgeforce is a nice unit and can be upgraded to do virus
> > scanning. They also won PC Mag Editors choice award this month.
> >
> > Good luck.
> >
> > Todd
> >
> > At 10:43 AM 3/22/2004 -0500, you wrote:
> > >We lost 16 Servers.
> > >
> > >----- Original Message -----
> > >From: "Jason" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Sunday, March 21, 2004 9:50 PM
> > >Subject: RE: [Declude.JunkMail] BlackIce
> > >
> > >We had a single Colo'd server fall ill to this vulnerability on Friday
> > >night. It wasn't a pretty sight to say the least.
> > >
> > >Jason
> > >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED]
> > >[mailto:[EMAIL PROTECTED] On Behalf Of Mike Wiegers
> > >Sent: Sunday, March 21, 2004 6:51 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: [Declude.JunkMail] BlackIce
> > >
> > >Thanks for the heads up on this. Unless you have updated your BlackICE
> > >in the last week you are at risk.
> > >
> > >http://xforce.iss.net/xforce/alerts/id/166
> > >
> > >http://www.eeye.com/html/Research/Advisories/AD20040318.html
> > >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED]
> > >[mailto:[EMAIL PROTECTED] On Behalf Of Frederick
> > >Samarelli
> > >Sent: Sunday, March 21, 2004 5:17 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: [Declude.JunkMail] BlackIce
> > >
> > >Warning for anyone using BlackIce.
> > >
> > >We were hit by a destructive worm.
> > >http://www.washingtonpost.com/wp-dyn/articles/A11310-2004Mar20.html
> > >
> > >Destroyed most of our servers.
> > >
> > >We are in the process of recovering from backups.
> > >
> > >Fred
> > >---
> > >[This E-mail was scanned for viruses by Declude Virus
> > >(http://www.declude.com)]
> > >
> > >---
> > >This E-mail came from the Declude.JunkMail mailing list. To
> > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
> > >"unsubscribe Declude.JunkMail". The archives can be found at
> > >http://www.mail-archive.com.
> > >
> > >[AUTOMATED NOTE: Your mail server [209.184.248.29] is missing a reverse
> > >DNS entry. All Internet hosts are required to have a reverse DNS entry.
> > >The missing reverse DNS entry will cause your mail to be treated as spam
> > >on some servers, such as AOL.]

_____________________________________
[This E-mail virus scanned by 4C Web]
