[Dshield] RE: Microsoft's Super Hidden Files - sliding off topic

Josh Tolley josh at raintreeinc.com
Fri Oct 25 15:58:35 GMT 2002

Comments in-line...

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Jason Allen
Sent: Thursday, October 24, 2002 2:18 PM
To: list at dshield.org
Subject: RE: [Dshield] RE:FW:Microsoft's Super Hidden Files - sliding
off topic

------ snip
> I have spent many years supporting MS operating systems and have no
> for ANY flavor of ANY OS. 

Yay! :)

------ snip
> What really scares me is that I know a little....I know that I can't
> afford expensive intrusion detection systems, that it's a struggle to
> users educated, that centrally managed anti-virus software isn't
> that any day, someone who knows more than me (I?) can introduce
something > onto my network that will compromise the integrity or
confidentiality of 
> our information. This is a scary, scary place to be, in my mind.
> it's just paranoia, but it feels real to me. 

Scares me too. Add to that the fact that because of a) bureaucracy, b)
tradition, c) stuff that for any other reason has to be done but isn't
really the best thing to be doing right now I don't have the time to
study up as much as I should to make that list of malicious smarter
people as small as possible. And by the way, hoping not to enter into a
grammar debate, I believe it's "someone who knows more than I" because
we have accepted shortening "someone who knows more than I know." 

> I would like to see more about what a lowly civil servant can do to
> protect his users....what works well and doesn't cost thousands of
> dollars? How can I stay ahead of the curve and at least have a few
> warning about this stuff before it slams into my network and costs me
> respect of my users that I have struggled for years to build up. 

--------------------- snip

> If anyone has any tips for helping to safeguard and monitor a network
> about 200 users with a big pipe to the Internet, I would appreciate 
> hearing from you. Are there any good FREE IDS available? 

I like Snort. I like its MySQL logging, and the reports I can get from
it. And I like it that they've all been ported to the Windows
environments I'm familiar with so that I can still use them while I plug
away at learning about my new Linux box. To put this in context, I am
not a security professional specifically, though that is an eventual
goal. With that disclaimer, I am one of the few in our relatively small
organization with any security education and concern. And although I am
concerned about the types of information something like Snort would show
me, I'm more concerned with the users that time after time fail to
update their OS, Anti-virus software, or whatever else despite the very
simple and easy to use mechanisms built into that software to allow even
the most bereft of computer savvy to keep their systems current. I'm
also more concerned about the user who despite numerous warnings to the
contrary indiscriminately opens all email and associated attachments no
matter the source. I too am in no position to afford centrally-managed
anti-virus or OS update systems. Suggestions of fairly inexpensive tools
to administer, say, shocks or pepper spray to those opening unfamiliar
email attachments would be much appreciated ;)

Josh Tolley, GSEC

More information about the list mailing list