Jason,
You are correct that SUS has the ability to act as a filter, where
updates are approved on an "internal" server and the clients are re-directed
to the "external" windowsupdate site for the download of the update itself.
However, SUS also facilitates building an internal infr
From: "John Tolmachoff" <[EMAIL PROTECTED]>
> Right on their website ;-)
Their site looks different today than it did in October of 2001.
Also, I have received an e-mail explaining that their Tier 1 and Tier 2
Techs are outsourced. Tier 3 is in-house. Tier 1 I understand, but Tier 2?
Most companie
Jason,
Are there known vulnerabilities with Windows Update and the client side code?
Chris
-Original Message-
From: Jason Coombs [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 2:38 PM
To: Jed Needle; [EMAIL PROTECTED]
Subject: RE: Critical/Security Updates as well as other Patc
No experience with Top Layer's stuff - although I, too, am interested in
hearing from others.
For IPS there is at least:
1) Hogwash: Layer 2 packet mangler based on Snort originally. Now moving
away from Snort...it drops, logs, or alters packets according to IDS
rules. http://hogwash.sourcforge.net
Forgive me if this seems trivial or "newbieish" but I am new to
the "Security" end of computing.
With the new CERT Advisory CA-2003-08, it got me to thinking "What are
others' policies, procedures, and requirements for home users connecting
via VPN to a corporate network?"
When a person conne
Tier 1 personnel read off of cue cards
Tier 2 personnel have some ability to troubleshoot the problem and the
ability to send it to tier 3 back @ NetScreen.
Since my company has been using NetScreens for so long, we usually only call
support if we find a severe bug. In these cases, we are escalate
Hi, we use Ecora Software's patch manager. We didn't like patch link that much
from a usability point of view. Try ecora and see what you think at
http://www.ecora.com. It also will be doing linux and solaris in the next
version and it is fairly inexpensive.
-Original Message-
From: Vic Ricke
I have to chime in as one who has been seeing increased Klez activity as
well. Only three or four a day but, considering we were going for a period
with none, it does make me curious.
> -Original Message-
> From: Mike Heitz [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 12, 2003 8:31 PM
Good to talk to someone else using GroupWise and Guinevere!
Anyway, I have had frequent spurts of traffic from Klez H. It is still
the most popular and it doesn't take long at all to tell why. If one
person's home computer has the klez virus and also happens to have many
of the people in your
On Tue, 11 Mar 2003 20:32:02 -0500, "Jennifer Fountain"
<[EMAIL PROTECTED]> wrote:
>I am currently looking into configuring my company's time servers.
A couple of things:
You can probably skip making ntp servers out of your DMZ-based
machines.
Set up your ntp servers on your corporate LAN and
Why not just set it up on your existing server or servers and only let the traffic on
port 123 out! Do not let any connection inbound to this server on any other port than
is needed. People will not query your server from outside so deny it. Allow Lan to
query port 123 to dmz in firewall so cl
My former department here runs Guinevere and GroupWise. In February,
Klez.H accounted for 83.8% of the viruses/worms blocked by Guinevere.
This month so far it's 86%. Nelson Labs uses a program that I wrote to
post their Guinevere stats to the Web. Between February and March,
Klez.H accounts fo
Really, all you need to know is on the web pages, http://www.ntp.org.
My favs are the cookbook - http://www.umich.edu/~rsug/services/ntp.html (for
setting up your internal clients) and the FAQ,
http://www.ntp.org/ntpfaq/NTP-a-faq.htm - see section 6.2.1.3. How should I
provide NTP services for a h
Hi,
I've read a lot of posts on this list and others and a good deal of
security related articles on this site and others like http://www.sans.org
and http://www.cert.org Most of what I have read focuses on network
and/or computer security but I haven't found very much information that
focu
Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
By Lance Spitzner
This is the second part of a three-part series looking at Honeyd, the open
source honeypot. In this paper we will deploy Honeyd on the Internet
for one week and watch what happens. The intent is to test Honeyd by
le
Hi,
I've been seeing a lot more Klez lately too. I think a new
variant came out a few weeks ago and the unprotected people are
spreading it like crazy. Just log the emails to track where they came
from and try informing the actual sender that they are infected (Klez
spoofs email addresse
sorry for the multi post
here is the English site.
http://www.networkinstruments.com/products/observer.html
What is the link to Observer?
> -Original Message-
> From: Gerhard Rickert [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 6:15 PM
> To: [EMAIL PROTECTED]
> Subj
So far, playing with Watchguard is a child's play. I don't get what went
wrong in configuring Watchguard vpn for Tim. Watchguard website gives
extensive FAQ on these technical issues. If you crawl through their website
you can definitely find the solution. If you couldn't find it, you may mail
m
Brad,
You can try to use ettercap. It can be found at
http://freshmeat.net/projects/ettercap/?topic_id=150%2C43. Very good
utility. Set up a MITM PC running Linux. You will sniff all nodes on
the segment. The tool even offers an ARP poisoning option, which will
allow you to interject your own
Here is the link to Observer
http://www.observer-analyzer.de/index.html
What is the link to Observer?
> -Original Message-
> From: Gerhard Rickert [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 6:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Justifying the spend on a vulnerab
SUS is nothing more than a filter for windowsupdate.com that tells managed
boxes not to allow windowsupdate.com to install anything other than the
subset of updates approved by the SUS administrator.
Each Windows box still uses Windows update directly, so all vulnerabilities
that impact Windows up
I will comment on support - the Netscreen side is a PITA if you get the
wrong person. I had routing problems and explained the issue over and over
during business hours support yesterday. Regardless of what I said, the
engineer swore that was the right way to do it - I insisted it was not. He
blame
Yes, it is a very solid application.
Not fast for install and configure but Solid. I have close with sendmail and
vulnerability of this bad MTA. I have one server with Qmail and more tool
with interface and postgresql database of user account, and run from 2 year
without stop or D.O.S.
Use for install,
This leaves open the issue of a criminal targeting someone; stealing their
phone and hijacking their bank account/s - kinda like credit cards but
without the understanding bank manager at the end huh?
Regards,
Hamish Stanaway
-= KoRe WoRkS =- Internet Security
Owner/Operator
Auckland
New Zeal
eTrust suite contains access control software, which was formerly known as memco
access control. It's an excellent access control as well as sso solution,
working at kernel. Therefore, interoperable in windows/unix environment.
Regards,
Planz
- Original Message -
From: "Depp, Dennis M." <[EMA
With all regard to the last post,
I don't know if what you're looking for is actually just the scanner. I
think it might be a combination of scanner, ids, company policy, multiple
firewalls, virus scanners and filtering rules.
I don't know how you could express your idea to your management that
Eric,
That's pretty interesting mainly because I've noticed a definite decrease in the
number of Klez hits on my scanning gateway. Usually when I see a lot of hits it's
because one of our vendors or clients has gotten infected and they have pretty much
everyone in my office listed in their add
Check out Fortigate also... www.fortinet.com It is started by the same
founder @ Netscreen.
As the only systems in the world that are triple-certified by the ICSA
(for antivirus, IPSec, and firewall functionality), FortiGate systems
deliver the highest level of security available.
-Orig
If you are running Windows 2000, you can also use Kerberos, and you can
authenticate UNIX systems against ActiveDirectory.
Best Wishes,
Chris Travers
- Original Message -
From: "John O'Connor" <[EMAIL PROTECTED]>
To: "Trevor Cushen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesda
Well, we use a GPS-based timesource inside our corporate network. This
timesource is used to feed my 2 main central routers.
The 2 routers act as timesource for my root W2K DC (the one with the PDC
emulator role) that will in turn distribute time to all w2k stations and
servers in the corporation.
Hi,
Since you will be using machines in the DMZ to query over internet,
perhaps you might want to consider using the 3 servers you mentioned to act as a proxy
for querying the time servers. The proxy will only accept connections from internal
time servers and forwards them out.
Just a suggest
I've used Iperf to stress some boxes before.
http://dast.nlanr.net/Projects/Iperf/iperfdocs_1.6.5.html#features
-Original Message-
From: Gene Yoo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 2:07 PM
To: [EMAIL PROTECTED]
Subject: network stress tool
does anyone have a recom
About a year ago we looked at a couple of SSO options.
At work we have over 30 applications that require usernames and passwords. It is
painful.
One vendor was www.truesystems.com; they had a simple elegant interface that allows
fast user switching and thin client and PC support. Supported windows
As regards how this might be leveraged as an exploit:
tricky, but you might be able to use it to inject data or hijack a session,
but more inefficiently than using the TCP SEQ/ACK-exploits.
Predict the next IP-ID to be sent, send a packet with that ID, (and spoofed
source) TCP/UDP headers, etc.,
> Right on their website ;-)
Their site looks different today than it did in October of 2001.
Also, I have received an e-mail explaining that their Tier 1 and Tier 2
Techs are outsourced. Tier 3 is in-house. Tier 1 I understand, but Tier 2?
Most companies as far as I know would not make you get
On Tue, 2003-03-11 at 06:21, MOHESOWA BYAS wrote:
>
> We have some doubts as listed below:
> 1. Is mobile banking a proven safe technology ?
> 2. Is this a common type of service or is it completely new?
> 3. Are there any known security incidents using this service?
> 4. What features should we
We're evaluating some software from Patchlink
(http://www.patchlink.com/) to manage our Windows environment. From
what I've seen of it, it looks very nice. They have preliminary support
for Solaris and Redhat as well, but we haven't gone there yet. I still
use red-carpet (http://www.ximian.c
Hi
Has anyone experience with Top Layer's Attack Mitigator IPS?
Does someone have 'daily'/'real live' experience with this product? (e.g. how
did they handle the slammer issue & recent other MS flaws, or unix flaws) So
far just found only commercial tests
Client would like to know if there any simi