[Dshield] got one

Shane.Steckelberg@k12.sd.us Shane.Steckelberg at k12.sd.us
Tue Feb 14 15:03:24 GMT 2006


Adam, I agree whole-heartedly.  Time and time again I am concerned and
dismayed at the poor management and security practices of IT departments
in hospitals, financial industries and other institutions.  It's easy to
find hospitals that have open wireless networks and even worse--run open
telnet applications over the link!  A few weeks back visiting the doctor
I found enough problems to make me consider doctoring
elsewhere...webshots on every machine, easy access to Windows terminals
without screen filters, etc.  While the attackers should be dealt with,
we should not forget about the administrators of these crucial networks.
Why are these terminals running with, most likely, admin rights (likely
that the apps are poorly written as well?)?  Why do users have the
ability to download apps?  The story only presents more questions than
answers. 

Recently, I spoke with a company regarding off-site storage.  While they
have "high security" in many places, their transfer mechanism was simple
FTP.   When I posed a few security questions and concerns about this,
the rep said, "We deal with all sorts of multi-national companies and we
rarely get questions like this..." Fortunately he provided a more secure
transfer mechanism.

This leads me to another question I've wanted to pose for some time:
I hear very little about MIME type filtering from other administrators.
Sure, it can be a bit of a hassle to manage at times, as is anything,
but I've never had a known malware infection for years because of this.
Users don't have the ability to download the octet-stream files that
start the infections to begin with.  Since they don't have admin rights
either, malware can only hook to a profile rather than the system if an
infection did take place.  Why don't we see this in managed environments
to a greater degree?  If we're effectively managing our environments, we
don't want them installing non-conforming software without the blessing
of IT, do we?  Although we run a tight environment, user satisfaction with
our restrictions is quite high and we've never had a viral or malware
related incident in more than four years. Slammer affected us but only
from an incoming bandwidth perspective. Insight from the list would be
appreciated!





-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Stasiniewicz, Adam
Sent: Monday, February 13, 2006 9:58 PM
To: General DShield Discussion List
Subject: Re: [Dshield] got one

Hmm, here is a thought.  How about we take a step back and look at the
IT security that was in place for a hospital?  I might understand if the
hospital was specifically targeted by the hacker, but a random net worm
making its way into the computers of an ICU?  All the hospitals I know
only offer limited internet in the administrative/doctor offices and
completely remove access on the floors (for this exact reason).  I think
the real question here is how could this have happened in the first
place?

Regards,
Adam Stasiniewicz
Computer and Communication Services Department Milwaukee School of
Engineering
MSCE: Messaging & Security 2003 

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Mike Trahar
> Sent: Monday, February 13, 2006 3:06 PM
> To: list at lists.dshield.org
> Subject: [Dshield] got one
> 
> has anyone seen this?
> 
> http://www.computerworld.com/securitytopics/security/story/0,10801,108643,00.html?source=NLT_PM&nid=108643
> 
> I hope they hang them.
> 
> Mike
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org To change your subscription 
> options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list



