If I had my way at a large enterprise, I'd only be allowing access via RDP or ICA through SSL VPNs, preferably with two-factor RSA authentication.
Ideally from thin clients. I'd happily send them home to employees preconfigured. -- Durf On Thu, Oct 23, 2008 at 9:00 PM, Steven Peck <[EMAIL PROTECTED]> wrote: > I mentioned to our security team, that tomorrow, we should do an > announcement encouraging our users to update their home systems. So > they understand how serious this sort of issue is. We can use this as > a positive opportunity to maybe, just maybe help prevent them from > getting something infected on their system. They thought it was an > excellent idea. > > Steven > > On Thu, Oct 23, 2008 at 5:52 PM, Durf <[EMAIL PROTECTED]> wrote: > > Exactly. Think of all the poor suckers who install Antivirus XP 2009 > > without a care in the world. > > > > As soon as that sucker incorporates this exploit, things will get > hopping. > > > > -- Durf > > > > On Thu, Oct 23, 2008 at 8:49 PM, Carl Houseman <[EMAIL PROTECTED]> > wrote: > >> > >> All it takes is a hacked website serving up an .exe to a browser user > who > >> happily runs it. > >> > >> > >> > >> Carl > >> > >> > >> > >> From: Michael B. Smith [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 7:22 PM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> > >> > >> All it takes is one VPN'ed computer that is infected to compromise the > >> enterprise. > >> > >> > >> > >> Regards, > >> > >> > >> > >> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP > >> > >> My blog: http://TheEssentialExchange.com/blogs/michael > >> > >> Link with me at: http://www.linkedin.com/in/theessentialexchange > >> > >> > >> > >> From: Ken Schaefer [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 7:17 PM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> > >> > >> I think having firewall enabled by default on Windows XP SP2+ and > Windows > >> Vista will help mitigate the issue in consumer land. > >> > >> > >> > >> Some of the orgs I work in now use router ACLs or FW rules to block RPC > >> traffic across subnets/VLANs. That will help mitigate the issue as well > >> > >> Cheers > >> > >> Ken > >> > >> > >> > >> From: Kennedy, Jim [mailto:[EMAIL PROTECTED] > >> Sent: Friday, 24 October 2008 8:42 AM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> > >> > >> Prior to me being here this district ignored Code Red. They got nailed > bad > >> and had to shut down for a week and go re-image 3000 computers. Feel > free to > >> quote me on that if you need to J > >> > >> > >> > >> > >> > >> > >> > >> From: Ziots, Edward [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 5:28 PM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> > >> > >> I work at a hospital too, and this situation is a ohh well take NO for > an > >> answer, I have ran it all the way to the top here, and said its getting > >> done, I don't care about the downtime its better to swallow the pill now > >> then clean up the mess laters. > >> > >> > >> > >> I also come in early in mornings ( Like 3:00am or earlier to patch my > >> systems each month) > >> > >> > >> > >> So I feel your pain. > >> > >> > >> > >> Z > >> > >> > >> > >> Edward E. Ziots > >> > >> Network Engineer > >> > >> Lifespan Organization > >> > >> MCSE,MCSA,MCP,Security+,Network+,CCA > >> > >> Phone: 401-639-3505 > >> > >> ________________________________ > >> > >> From: Chinnery, Paul [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 5:26 PM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> > >> > >> Must be nice. I work in a hospital so all of the clinical pc's are > always > >> on. The only thing we could do was to set up the reboot for 3:30 AM > (same > >> time as when I or my buddy have to do a real early shift to install > patches > >> and reboot servers.) > >> > >> > >> > >> ________________________________ > >> > >> From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 11:16 AM > >> To: NT System Admin Issues > >> Subject: RE: Out of Cycle Critical Windows Patch to be released today, > >> stay tuned > >> > >> And it does require a reboot after install. I hate when out of cycle > >> patches require reboots. I prefer when my users don't know. > >> > >> > >> > >> > >> > >> From: Ziots, Edward [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, October 23, 2008 6:28 AM > >> To: NT System Admin Issues > >> Subject: Out of Cycle Critical Windows Patch to be released today, stay > >> tuned > >> Importance: High > >> > >> > >> > >> Heads up gang, more patching for this month, this one out of cycle and > >> critical no additional information yet. > >> > >> Z > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > > > > -- > > -------------- > > Give a man a fish, and he'll eat for a day. > > Give a fish a man, and he'll eat for weeks! > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > -- -------------- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
