|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Ethical/Theoretical Question
From: Marc (marc
EEYE.COM)Date: Mon Jun 05 2000 - 19:48:05 CDT
- Next message: Tom Sutherland: ""Port mapper" for NT/2000."
- Previous message: IN0M: "Certified Security Course"
- In reply to: Donald Messier: "Re: Ethical/Theoretical Question"
- Next in thread: Paul L Schmehl: "Re: Ethical/Theoretical Question"
- Next in thread: Dan Schrader: "Re: Ethical/Theoretical Question"
- Reply: Marc: "Re: Ethical/Theoretical Question"
- Reply: Paul L Schmehl: "Re: Ethical/Theoretical Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I think all in all the whole discussion is a rather large waste of time.
Spreading a "virus" that fixes problems is a overly flawed idea for many
reasons.
Creating "prisons" and other fancy network setups in order to contain a
virus is a large waste of time. There are some instance's when "prisons"
could be useful but most of the time they are not.
The best way to protect against virus's is to not let them into the
corporation in the first place. You must accept that 99.9% of all avg.
computer users (especially windows users) run rampant with ignorance so it
is up to you to do as much as you can to save them from themselves... or
save your company from them.
All in-coming and out-going traffic should be scanned for Virus's, Trojans,
and other types of potentially harmful data.
For example your accounting department should never receive files with:
.exe,.com,.bat,.vbs and a whole lot of other extensions that I am not going
to type. Also you should be scanning files that are archived within .zip
files.
word documents (and anything else that supports scripting or macros) should
be scanned and macro/script code removed. Your accounting department for
example should not need a word document to be eMailed to them that has
macros in it. All word documents with macros in them should be created
within the accounting department.
bla bla bla bla bla
The majority reason for virus's spreading is poor network design and
ignorance on the part of a lot of the IT world. (O bet I pissed a few people
off there! o well) Most poor network design is due to companies hiring
IT/Security consultants to setup their networks who have no understanding of
the companies corporate structure. Before you can secure a system you must
understand every aspect of the company who's network your trying to secure.
Yes there are stupid users that open virus's etc... but as an Administrator
it is YOUR job to keep users from being able to act on their ignorance in
the first place.
it is not always the IT peoples fault though... a lot of blame can go
towards the executive staff and money matters.
Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.675.8194
F.949.675.8294
http://eEye.com
- Next message: Tom Sutherland: ""Port mapper" for NT/2000."
- Previous message: IN0M: "Certified Security Course"
- In reply to: Donald Messier: "Re: Ethical/Theoretical Question"
- Next in thread: Paul L Schmehl: "Re: Ethical/Theoretical Question"
- Next in thread: Dan Schrader: "Re: Ethical/Theoretical Question"
- Reply: Marc: "Re: Ethical/Theoretical Question"
- Reply: Paul L Schmehl: "Re: Ethical/Theoretical Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]