[Dshield] d-shield, who are they?

Jeff Kell jeff-kell at utc.edu
Sat Aug 16 03:53:14 GMT 2003


Johannes B. Ullrich wrote:

> It is hard to educate users about worms/viruses and such. To some
> of the non-techies I talked to, the conecept that your computer could be
> infected "without you having to click on any e-mail attachment" was
> totally new.

I would agree 100% for home users, but server admins should know better 
(IIS, bind, sendmail, RPC(unix), ssh, etc exploits).

> For your high school, I would recommend some better security policies
> and practices. Firewalls not only to the internet, but also to segment
> some of the internal networks. Maybe some proactive scanning if
> something like the RPC DCOM is announced. 

Firewalling internal networks can be tricky at best *if* you are really 
doing Microsoft file sharing, Samba, CIFS, etc.  It hits you where it 
hurts and you can't necessarily block it (no more than you can block 
http for IIS or Apache weaknesses, it's self-defeating).

Jeff





More information about the list mailing list