[Dshield] simply don't trust a mailbox

Stephane Grobety security at admin.fulgan.com
Tue Mar 19 07:20:08 GMT 2002


S> Simply said, any machine that receives email these days needs to be
S> monitored at all times.

It depends on what you need email for and what your infrastructure is,
but I don't see a problem: that's what watchdogs are for, isn't it ?

S> And I don't care which version of windows you
S> use, (and I love windows believe me but it's just not made for the net) 
S> or how much windows related monitoring software you've got, it can fail 
S> and you won't know it.

Ah... Could you provide facts here ?? I've seen windows machine fail,
I've seen unix machine fail, both on various levels ranging from
hardware problem to having the SMTP connection hung indefinitely, but
I can't see how a monitor would not have noticed that and, so far, I
didn't see a well-thought auto-recovery procedure fail from a
recoverable error and the watchdogs to fail to report the failure.

S> There are viruses/trojans that even target Norton 
S> AV.

Well, I've never heard of it (although I could well have missed it: I
don't know every virus out there) but let me ask: what's your point ?
NAV is an anti-virus product. Like everything, it could contain bugs
and all but, also, it must be updated frequently. That means that, even
if it was exploitable (that would mean creating a file that, once
scanned, would induce the AV to run some trojan code: something pretty
unlikely for an AV), the window of vulnerability would be much smaller
than in other software. Also, you can very well run the AV scan in the
context of an unprivileged user that only has rights on the folder(s)
where the files are to be scanned...

Finally, if you don't trust or like NAV (a point of view I'm beginning
to share myself), then don't use it. There are plenty of alternatives
out there and some of them are actually pretty good.

S> Yes we run a business that handles a lot of email so we would be a 
S> prime target for those types of attempts.

Yes ? So ? I've seen other businesses dealing with a lot of mail, being
the "perfect target" and not having that kind of problem. It mostly
boils down to: "what mail server software are you using" and "what are
your security procedures".

As long as you've got a decent firewall at the gateway or, if not
possible, on the server machine instead (there are several products
that will do that quite well), you'll have no problem running a mail
server on an NT machine.

S> A mailbox is a mailbox 
S> electronic or otherwise.

Yes, but you seem to keep saying "mailbox" when you seem to mean
"mail server" or "mail server machine". Your messages are, to me, very
confused (meaning that I have trouble extracting information from
them) and incorrect wording doesn't help a bit.

S> Least it's not anthrax yet. Most I ever get is 
S> a headache...



-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com




