'A constructive addition to this thread'
Just because you patch your servers, doesn't mean you aren't open to Nimda.
Remember it spreads in many more ways than code red, it is NOT just an IIS
hole.
- If your server had remnants of code red II, even if you've patched, the
patches didn't fix the code red II damage, you are open to attack.
- If one of your workstations either received an email with the readme.exe
or browsed a web page (or someone on the server itself) of an infected
server, you are open to attack.
- If you have open file shares to the server for maintenance from a
workstation, and your workstation gets it, your server is open to attack.
Luckily, we have not been hampered by Nimda (besides an increase in
traffic). But this is only because when the first Code Red started going
around, I went end to end in our network making sure security was tightened,
patches were installed, AV was up to date on each and every workstation. I
like many was way out of date on a lot of our machines.
I have a customer who I worked with to get Code Red off of their server.
Applied all of the patches, and coached her on keeping up on patches and AV.
Two weeks ago they added a workstation to the network, never put AV on it,
it got an infection via email, and it spread to half of their network that
hadn't had it's virus defs updated after Sep 18th (the day that virus defs
were published by most everyone for Nimda).
Is Microsoft just that lousy? I think it has tons of room for improvement,
but I think it is also being targeted mainly because of "Virus Marketing" -
what can I write a virus for that will reach the largest demographic? Both
sides can be argued very well, but as administrators we have the choice to
either migrate our entire networks to other OS's (which might be a target
later down the road), or take on the extra responsibility to keep on top of
the OS's we have, down to the stupid workstation that sits in the corner.
My $0.02 :-)
Tony Gray
Intouch Communications, Inc.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> andyb@thumpernet
> Sent: Wednesday, September 26, 2001 10:17 AM
> To: [EMAIL PROTECTED]
> Subject: Re[2]: [IMail Forum] OT: IIS
>
>
> My web server *was* patched and it got the virus *anyway*. Same thing
> for another web server admin near here.
>
> Thanks, andyb
> [EMAIL PROTECTED]
>
> Tuesday, September 25, 2001, 4:45:43 PM, you wrote:
>
> JT> Even better, cheaper, faster. Keep up to date with patches and Service
> JT> Packs. Like I said earlier, the patch that would keep Nimba at bay was
> JT> posted on Microsoft's website in October of 2000.
>
> JT> John Tolmachoff, Network Engineer
>
> JT> 211 E. Imperial Hwy., Suite 106
> JT> Fullerton, CA� 92835
> JT> 714-578-7999, ext. 104
> JT> [EMAIL PROTECTED]
> JT> www.reliancesoft.com
> JT> �
>
>
> JT> -----Original Message-----
> JT> From: [EMAIL PROTECTED]
> JT> [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Beach
> JT> Sent: Tuesday, September 25, 2001 6:20 AM
> JT> To: [EMAIL PROTECTED]
> JT> Subject: [IMail Forum] OT: IIS
>
> JT> For all of you IIS Admins out there:
>
> JT> "Gartner recommends that enterprises hit by both Code Red and Nimda
> JT> immediately investigate alternatives to IIS, including moving Web
> JT> applications to Web server software from other vendors, such
> as iPlanet
> JT> and
> JT> Apache," explains Gartner's John Pescatore.
>
> JT> Complete article:
> JT> http://www.theregister.co.uk/content/4/21853.html
>
> JT> -Bill
>
>
> JT> Please visit http://www.ipswitch.com/support/mailing-lists.html
> JT> to be removed from this list.
>
> JT> An Archive of this list is available at:
> JT> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
> JT> Please visit http://www.ipswitch.com/support/mailing-lists.html
> JT> to be removed from this list.
>
> JT> An Archive of this list is available at:
> JT> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
