> SMB generally aren't worried about running something like Windows Update
> automatically, other than the fact that it uses bandwidth that they are
> paying for.

Down here, most SMB use Internet flat-rate plans, whether it be dial-up or cable. So that's not an issue. The issue here is *knowledge and awareness*, but not connection.

> > >> 2. If a patch cannot be installed, find workarounds
> > >That does not work with the workarounds customers need to facilitate
> > >life (security <> ease of use, remember)
> >
> Workarounds don't have a place in any sort of open user environment,
> they take too much time to deploy and impose too many problems on the end
> user and also need to be undone after the problem is fixed. Way way way
> too much work there.
>

In the case of a Windows-based network and excepting W98 and WME boxes, all updates and upgrades can be --and should be-- deployed from 1 machine. Workarounds generally have ultimately to do with registry modifications, which is just a matter of writing a script and deploying it. (Of course, after evaluating cost-benefit, testing, where *not* to install it, etc.)

> > >> 3. If it is a port-related threat, find out if such ports are
> > >> in use, and if not, make sure they are closed.
> > >Once the virus is on the LAN it can do whatever it wants.
> > >
> > Hello! Block the ports BEFORE they hit the LAN. Proactive security.
> > Also, do us a favor and don't propagate the shit!
> >
> What is all this rubbish about? Roughly 15% of all assets attached to
> networks around the world are unaccounted for!! So how are you meant to
> protect yourself against them? Example - firewall blocking all ports,
> someone comes in with a laptop that's infected and Bob's your uncle, you're
> left scratching your head wondering why your firewall didn't work. lmao
> that my friends is the soft center that the black hat looks for!!
>

It is also a matter of well articulated policies.

Assumptions
----------------
1. You have an anti-virus/e-mail/content solution which updates signature files automatically from the Internet and deploys them automatically to all the boxes in the network, with central alerting capabilities.
2. You have a firewall solution at the point connecting to the Internet/other networks.
3. The laptop is infected with a worm that spreads through specific ports.
----------------

Now, someone comes in with a laptop that is infected and connects to the LAN. When it starts trying to infect external addresses, the firewall catches it. If it tries to infect local machines, the anti-virus software catches it. Supposing you have adequate alerting procedures in place, in both cases, the source of the infection is easy to detect.

Iñigo Koch
Red Segura

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
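
The firewall-side detection described in the message above, as an added example that is not part of the original post: it scans perimeter deny records and reports internal hosts that were blocked reaching many distinct external addresses on the worm's ports. The log format, LAN range, port set, threshold and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")  # assumed internal address range
WORM_PORTS = {135, 445}              # assumed ports the worm spreads through
THRESHOLD = 5                        # distinct external targets before alerting

# Constructed perimeter firewall log in a hypothetical format:
# one laptop sweeping port 445, plus unrelated background traffic.
SAMPLE_LOG = "\n".join(
    [f"09:00:{i:02d} DENY src=192.168.10.77 dst=203.0.113.{i} dport=445"
     for i in range(1, 9)]
    + ["09:01:00 DENY src=192.168.10.20 dst=198.51.100.7 dport=445",
       "09:01:05 DENY src=192.168.10.20 dst=198.51.100.7 dport=25",
       "09:01:09 ALLOW src=192.168.10.31 dst=198.51.100.9 dport=80"]
)

DENY_LINE = re.compile(r"DENY src=(\S+) dst=(\S+) dport=(\d+)")


def infected_sources(log_text, threshold=THRESHOLD):
    """Return {internal_ip: distinct_external_targets} for likely worm hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = DENY_LINE.search(line)
        if not m:
            continue  # allowed traffic or unparseable line
        src, dst, dport = ip_address(m[1]), ip_address(m[2]), int(m[3])
        # Only outbound attempts from the LAN on the worm's ports count.
        if src in LAN and dst not in LAN and dport in WORM_PORTS:
            targets[str(src)].add(str(dst))
    return {ip: len(dsts) for ip, dsts in targets.items()
            if len(dsts) >= threshold}


if __name__ == "__main__":
    for ip, count in infected_sources(SAMPLE_LOG).items():
        print(f"ALERT {ip}: blocked reaching {count} external hosts")
```

Counting distinct destinations rather than raw deny records keeps a single misconfigured client that retries one address from triggering the alert.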
