[Dshield] MS Patching side-effects
ltr at isc.upenn.edu
Thu Aug 18 20:19:58 GMT 2005
>Just remember, kiddies - this only delays the devastation until the first
>infected laptop gets inside the perimeter.
Actually, that is not true! Using IPSEC you can prevent *any* incoming
communications to workstations to 'evil ports'. Placing an infected laptop
in a network running IPSEC (properly configured) wouldn't infect the rest of
the hosts (even if they weren't patched). I am not saying use IPSEC as a
replacement for patching; just use it as an additional layer of security.
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
LTR at ISC.UPENN.EDU (215) 898-1236
SANS - The Twenty Most Critical Internet Security Vulnerabilities
SANS - Internet Storm Center
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Valdis.Kletnieks at vt.edu
Sent: Thursday, August 18, 2005 3:45 PM
To: General DShield Discussion List
Subject: Re: [Dshield] MS Patching side-effects
On Thu, 18 Aug 2005 14:40:20 EDT, David Taylor said:
> control based on IP/Subnet, hostname from port/to port, etc. Using IPSEC
> you can place a virtual IP/Packet Filter around all of your workstations
> which would block most of these attacks from hosts outside the network as
> well as hosts from within the network.
Just remember, kiddies - this only delays the devastation until the first
infected laptop gets inside the perimeter.
Having said that, it's still a good idea to implement it anyhow, as long as
you remember what its limitations are....