Topic: CERT
Ray Minich
From: Bradford, Pa. Frozen Tundra
Posted 5 Jun 2007 11:14 am
Yesterday (Monday) on a call helping a business associate, I got to visit the offices of CERT at Carnegie Mellon University in Pittsburgh.
What an experience.
CERT is one of the organizations where the threat levels and hazard conditions for the various internet "evils" are quantified and determined. You see their evaluations and opinions when you visit norton.com or any of the malware solutions sites.
These folks are really "paranoid"... and so should we be after what I learned. A PC without a firewall, on the internet, is snagged within about 10 seconds. The bad guys are really bad and now even so-called "trusted" sites can have malware they don't even know about.
Security at this place is unbelievable. I'm glad they are on our side.

b0b
From: Cloverdale, CA, USA
Posted 8 Jun 2007 7:10 pm
A couple of days ago I did a fresh install of Windows Server 2003 Web Edition on a computer and connected it to a static IP on our T1 line. Within a few hours I got a call from my ISP's tech saying that one of my computers was mailing spam. He rattled off the IP address and it was that freshly-installed box!
I've disconnected it from the network. I guess that Windows servers aren't such a good idea if you don't have an intelligent firewall.
_________________
-𝕓𝕆𝕓- (admin) - Robert P. Lee

Wiz Feinberg
From: Mid-Michigan, USA
Posted 8 Jun 2007 9:12 pm
What have I said in the past about connecting any Windows computer to the Internet? Use a hardware, or at least a good software firewall before connecting to the 'net. It usually only takes 10 to 20 seconds for an un-firewalled Windows computer to get probed for open, vulnerable ports, which if any are found, the computer will be owned in less than one minute, and not by you. Windows Servers are a primary target because they are vulnerable out of the box, until you patch them online. A lot of sysadmins download service packs and hot fixes and install them offline, during setup, before the initial connection and activation takes place. You might want to look into a Barracuda firewall, b0b.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services

b0b
From: Cloverdale, CA, USA
Posted 9 Jun 2007 8:02 am
I'm going back to Linux.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 9 Jun 2007 8:32 am
b0b;
I wish you could see my access logs of http attacks (fortunately unsuccessful) aimed at my Linux/Apache hosted website. The difference is that Unix/Linux is typically more secure out of the box, if you follow established security guidelines and change the default login and password, then apply security patches as they are issued. Windows Servers need to be patched before being put on the Internet, or they are vulnerable to takeover. External perimeter firewalls are necessary for all Servers that connect to the Internet, as all servers are constant targets for hackers.
Note my blog post of June 8 concerning the hacking of at least 3500 users' FTP passwords at DreamHost this week. DreamHost runs on Linux/Apache Servers, but apparently, they failed to apply necessary patches to some of the hundreds of server boxes. PHP vulnerabilities are currently a huge target for Eastern European hackers, as are backdoors to Root.