[Dshield] Quiet secure mailbox

Bob Savage bsavage at rnr-inc.com
Mon Mar 18 15:44:17 GMT 2002


Hi, all.

I've been following discussions here for about a month and most of it is
far over my head.  It's a learning experience and I've got a lot to
learn.

However, I'm really confused about Susan's message here.

I run a small business network that's almost 100% Microsoft.  I don't
have Linux anywhere, and although our business system runs on Unix it's
parallel to, not in front of or behind our Microsoft file and exchange
servers.

We've had our share of failed attacks, and like everyone else we fought
off nimda.  We get a lot of spam and regular instances of what appear to
be failed log-in attempts related to email, but as far as I know haven't
had damaged boot records on server or client machines since I've been
managing this network (almost a year).  I haven't done a whole lot of
tweaking, although I have tried to implement some security tips and
practices picked up in a lot of places, including those I've learned
here.  I am, however, a "fiddler" and my own experience has been that
too much foolin' around and tweaking always leads to problems.

Susan (or anyone), am I completely misunderstanding what you're saying?  Or
is it possible that I have damaged boot records somewhere on my network
and just don't know it?

And please, please, I'm trying to learn here, not bait anyone into a
pro- or con- Microsoft discussion!

Bob Savage	


-----Original Message-----
From: Susan [mailto:pobox2 at pinn.net]
Sent: Monday, March 18, 2002 8:54 AM
To: list at dshield.org
Subject: [Dshield] Quiet secure mailbox


I don't know if any of you remember but about 6 months ago I said it was
my goal to have a quiet secure mailbox. Well aside from probs at our
webhost I have achieved the secure mailbox on this end. I spent about 5
months trying to do it with Windows. It wasn't possible. I
bought/downloaded every software imaginable to attempt it. I tweaked and
tweaked. I crippled parts of the system to make it less vulnerable etc
etc etc (removed lots of communication junk, tinkered with the registry
etc took out schscrp.dlls conf. dlls all that). It still wasn't
possible. I had to keep reloading the system because of crap that would
come in via email/random data picked up on the net and open holes or
something. I imaged the drive for quick reload, the boot record showed
up damaged again and again, probably an email bug (yes of course my
virus defs are up to date, everything the latest software).

So anyway I put Linux on one time and it has held its own. I can add to
it instead of always starting over. Mail folders are not executable. I
have been sniffing the line here for days and nothing is coming in.
Nada. Nothing. Except for the one weird 90.* arp which I am still
investigating, which may, yes have come off another (yes you guessed it,
a Windows computer sharing the router that was hooked up for a few
minutes though not directly connected to the mailbox).

But when the Linux box is the only thing online, nothing moves, nothing
shows, it's real stable. It acts as a mailbox/traffic/arp cop for
anything connecting to the router now and is superb. It logs in plain
English, it mails me daily, it tracks itself. This box I WANT online all
the time. It's always listening so we'll know if anyone is knocking. No
rlogins are permitted. It's tcp wrapped hard and ssh installed just in
case.

Maybe I can move ahead now, but I will forget about Windows because
attempting to really secure it was a complete waste of time, even behind
an excellent external firewall. As far as I can tell it's not possible
to secure any Windows system unless maybe it's downline from a Linux
system. You just end up wasting your money on software and then you
still have problems.
