> -----Original Message-----
> From: H C [mailto:[EMAIL PROTECTED]]
> Sent: January 30, 2003 13:13
>
> Unfortunately, some of what you're asking isn't really
> the issue you may think it is...for example, "no
> remote access via modem" (depending on exactly what
> you mean). Remote access isn't that much of a
> security risk, as long as it's implemented,
> configured, and managed/monitored appropriately.

Relatively few things are much of a risk if implemented, configured, and managed/monitored appropriately. But doing so is a lot harder for some things than for others.

My own feeling is that operating banks of modems and terminal servers is best left to ISPs, and so official dial-up remote access simply rolls into remote network access. On the other hand, users setting up their own dial-in modems at their desks is virtually impossible to "implement, configure, and manage/monitor appropriately".

> W/ regards to "no weak passwords", that's easy
> enough...MS released a security advisory in Aug, and
> re-released it in Sept. Evidently there was a rash of
> systems getting infected w/ IRC bots, due to weak or
> nonexistent Administrator passwords.

The "Lioten" worm that struck in early December used a short list of trivial passwords such as "12345". .1% compromise (4 machines out of 4000) by it was enough to cripple one of our less-restricted networks for two days.

David Gillett
