[Dshield] web access list

Tony Earnshaw tonye at billy.demon.nl
Wed Jun 30 11:03:12 GMT 2004


tir, 29.06.2004 kl. 20.53 skrev Guy Barnum:

> and towards the bottom you'll notice two MS vulnerabilities mentioned,
> one without a patch.  With this text in the article "Microsoft hasn't
> yet positively identified the flaw being exploited" and another huge
> web-wide credit card hack mentioned in the same Computer World mailing I
> have to wonder what you guys are doing to protect your surfers.
[...]

> IMHO firewalls and AV wares are going to continue falling further behind
> (drastically) in their ability to detect or stop internet born threats.
> Users might think its draconian, choking off their web usage, but if
> your IT Dept. has the pull to make it happen it seems like the best
> compromise to putting the pc's back in the boxes that I can think of.
> 
> Does anyone on this list currently make an authorized surfing list like
> this?  Any problems or suggestions with this kind of plan?  What are
> your thoughts?

As yet, apps under Gnome under Linux have few exploitable weaknesses
*if* the OS and apps are kept up to date - with due respect to security
reports (CERT, SANS, vuln etc.) The standard firewall that is included
with all (?) Linux versions is effective and safe, a separate utility
makes the firewall logs easy to read (html-formatted output).

I could previously use Linux for everything to do with my Internet
banking, except confirming a money transaction, which demanded Internet
Explorer 6 for implementing non-revocable actions. Getting onto the
Internet under Windows XP always scares the heck out of me; I complained
to my bank and was never so pleased as when I learned that there was  an
alternative for Unix/Linux users.

One thing that still amazes me, is that people who buy PCs blithely go
ahead and install their new XP-based computer with DSL connections and
all, without extra software and without being aware of the consequences.
No-one seems to warn them; not the computer salesman, their ISP nor
anyone else. Reading my firewall logs, every day as I do, is proof of
this.

--Tonni

-- 

We make out of the quarrel with others rhetoric
but out of the quarrel with ourselves, poetry.

mail: tonye at billy.demon.nl
http://www.billy.demon.nl




More information about the list mailing list