
Re: Malware - You Thought it Was Easy...

Roy Schestowitz wrote:
> ,----[ Quote ]
> | Preparing For Attacks
Which means that you assume that there will be attacks and that they
will be successful.

> | - Always use licensed software...
Even most malicious shareware is licensed.  The license typically
absolves the publisher of any liability and limits the damages to be
recovered to the actual cost of the software.

> | - Scan all systems regularly...
With what?  Let's see, if I have McAfee, Symantec/Norton, and 3-4
anti-spyware programs scan my hard drive and every message and file
being read or written, what exactly will that buy me?  It can take a
week or more for updates to these scanners to catch up with the viruses
infecting the machine.  By then, even the backups are contaminated.

> | - Back up all systems on a regular schedule...
What kind of schedule?  If I back up once a week, I could lose a week's
worth of work.
If I back up daily, I could contaminate my entire backup.

What do you back up to?  USB drives?  How many do you need?  How are
these drives protected from viruses?  Back up to the network storage?
Expose my computer to a virus someone else picked up?  Not terribly
bright.

> | - Subscribe to security vendors' e-bulletins...

Just what I need, ANOTHER 300 e-mails per day!

> | - Set up a response team...

Clearly not working for an SMB!  How many FTEs do you suggest I place
on the team?

> | - Set up a telephone list...

Who are you going to call when all the measures above have failed?  The
Ghostbusters?
There isn't even enough of an audit trail in Windows to trace the
sources of the attacks.
Several industry pundits say that an exposed computer will be attacked
an average of once every 12 minutes.  What's really sad is that the
end-user and system administrators don't even have the basic tools to
know when an attack has occurred, where it came from, when it took
place, and the other information critical to prosecuting a
computer trespassing case.

> | - Make sure that all appropriate personnel...
> |
> | - Have temporary backup/replacement systems...

So now I have to have some number of backup/replacement systems?
How many per hundred employees?  What if it's an SMB who only has 10
employees?
Switching to a backup system still doesn't assure a reliable restore.

> | - Restoring systems will involve restoring data from firewalls...
That can be a really fun chore.  I now have new MAC addresses, and if
I'm using random DHCP, I've probably eliminated any chance of restoring
the same functions.  Also, the firewall was obviously useless, because
the application used firewall insensitive ports to blow through the
core functions.

> | - Most attacks are introduced unknowingly by insiders...
Yep, you don't have to open an attachment, you don't even have to open
the e-mail; all you have to do is "preview" the e-mail in Outlook, with
HTML display enabled on IE while IE has ActiveX enabled.  At that
point, there is NOTHING that the ActiveX control cannot do.

To me, one of the more imaginative viruses was NIMDA.  It had so many
ways to hack into any system that it could hit servers as well as
workstations.  In fact, any machine that ran Windows was vulnerable.

> http://www.informationweek.com/story/showArticle.jhtml?articleID=190300163&cid=RSSfeed_IWK_All

