D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] PHP, Perl, server securing, etc.

 

Aaron Trevena wrote:
> 
> a) Quite a few "windows" of vulnerability for IIS/SQL Server/ASP/etc
> where servers or system software are shipped with unpatched
> vulnerabilities and you needed to keep your server behind a firewall
> blocking all services for hours or days until all the service packs
> and patches have been applied (at some points in the last few years
> tests have demonstrated a standard Windows Server install with no 3rd
> party software being compromised within **minutes** of being plugged
> into the internet)

My boss recently demonstrated this with W2KSP4 CD.

Installing Windows 2000 with a slipstream CD that included service pack
4 on a box exposed to the Internet (not clever, but he was just testing
if someone else's virtual server supports relevant aspects of W2K for a
legacy application) and by the time it loaded the latest Microsoft
Malware removal tool it had already been infected with something nasty,
so he had to redo it all after adding a virtual firewall to the virtual
server. Hardly news but it does make the point.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html