[Dshield] simply don't trust a mailbox

Susan pobox2 at pinn.net
Mon Mar 18 19:08:28 GMT 2002


Simply said, any machine that receives email these days needs to be 
monitored at all times. And I don't care which version of windows you 
use, (and I love windows believe me but it's just not made for the net) 
or how much windows related monoitoring software you've got, it can fail 
and you won't know it. There are viruses/trojans that even target Norton 
AV. Yes we run a business that handles a lot of email so we would be a 
prime target for those types of attempts. A mailbox is a mailbox 
electronic or otherwise. Least it's not anthrax yet. Most I ever get is 
a headache...

----------------------------------------------

RE:>>Message: 7
Date: Mon, 18 Mar 2002 17:20:11 +0100
From: Stephane Grobety <security at admin.fulgan.com>
Organization: fulgan.com
To: Bob Savage <list at dshield.org>
Subject: Re[2]: [Dshield] Quiet secure mailbox
Reply-To: list at dshield.org

BS> Susan (or anyone), am I completely misunderstand what you're saying?  Or
BS> is it possible that I have damaged boot records somewhere on my network
BS> and just don't know it?

Well, I have the same interrogation as you here: I just plain don't
understand what Susan meant. To me, either it's a troll, or there is
something I didn't get in this message. Please allow me to sum up what
I just don't get:

1/ There seems to be a mixture of "securing a mail server" (I presume
that's a SMTP/POP3/IMAP4 server) and "securing a windows server" witch
are two rather different things (one being  an application, the other
being an OS).

2/ There is a lake of factual information: we're being told that
windows in impossible to "secure" without no definition of what
"securing" it against nor what tool/software where used (if any).

3/ I see no explanation why one should start over everytime with
windows while you don't have in Linux.

4/ I can't quite figure out what the author mens by "Mailbox".
Sometimes it seems to designate a machine, sometimes a service and it
seems never to be used in it's original sense (distinct logical mail
repository).

5/ No matter how often I read this mail, I can't find any actual
facts. Only references to pretty subjective problems. What was the
purpose ?

Could the author please clarify his/her message ?? Some contextual and
factual informations would be welcome in trying to figure out what it
meant.

TIA,
Stephane
-------------------------------------
----------END------------------------




More information about the list mailing list