On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote: > We're working on a "jail vlan" concept now, where "evil" computers go. > They get access to email (so they can beg for forgiveness), a web page that > says, "You naughty, naughty boy" and access to one website - their vendor > of choice's patch site - so they can fix their problem.
I imagine mail out of that subnet passes through a proxy server with spam and virus detection. This is a cute concept Paul. You've got a pretty challenging environment there, and this looks like a creative and functional help for you. It will be interesting to hear how well this ends up working for you and what evolution it goes through. For instance, if your security policy includes supporting diversification, you could add connections to mirrored Linux and/or (Net|Free|Open)BSD distros (which would be easy enough to mirro locally). Maybe this concept is already widely in use at academia. If it is not, it may soon be. -- Karl DeBisschop <[EMAIL PROTECTED]> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
