You're correct; most hacks are internal.  And there are other precautions
that need to be taken there; your servers, for example, should be just as
firewalled from your internal network as from the external.

As for things like nimda, this is where the enterprise virus scanners come
in.

A total solution can obviate a lot of 'threats' before they even become
threats.  Yes, you need to keep your patches up to date, but it shouldn't be
an 'ooh, new patch, deploy it across the entire network NOW' process.  The
'four hours to a patch' number for OSS isn't a good thing, in my opinion; it
often means that somebody slapped in some code, and it compiled.  That's
nice; that's not a patch.  It hasn't been regression tested, for example.
Look at time to *deployment*, not time to 'released to the Internet at
large.'

Muskoka.com
115 Manitoba Street
Bracebridge, Ontario
P1L 2B6
(705)645-6097


> -----Original Message-----
> From: Steve Thomas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 5:25 PM
> To: Shayne Lebrun
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Really OT: Microsoft buys out RAV
>
>
> On Tue, Jun 10, 2003 at 03:37:12PM -0400, Shayne Lebrun is
> rumored to have said:
> >
> > > The *only* way to pull that off is to totally ignore security updates
> > > (and the subsequent reboot).  No thanks. :)
> >
> > Yes, and for an internal machine, properly firewalled and segmented from the
> > public internet, this is a perfectly acceptable practice.
> >
>
> Except when you consider that about 50% of hacking incidents are
> "internal"(1), perpetrated by either current or former employees.
> Add that to the potential for damage when one of your users opens
> a nimda-infected e-mail and you'll quickly find out just why you
> need to be every bit as security conscious on the LAN as at the edge.
>
>
> --
> Steve Thomas
> ----------------------------------------------------------
> "...subatomic matter in a particle accelerator that exists
> for only a few microseconds seems to exhibit more uptime
> than the RIAA's website."
>                            -- Andrew Orlowski
>                               TheRegister.co.uk
>
> (1) Gathered from various news articles - google is your friend.
> Here's one example:
> http://news.zdnet.co.uk/story/0,,t269-s2106959,00.html
>




_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
