From: Andrew Langton (andrew.langtonBabcockBrown.com)
Date: Thu Aug 16 2001 - 09:26:56 CDT

    So is this all documented somewhere, or have you learnt all this by
    experience? Or both? ;)

    > -----Original Message-----
    > From: Patrick S. Harper [mailto:patrickinternetsecurityguru.com]
    > Sent: Thursday, August 16, 2001 6:24 AM
    > To: Andrew Langton; 'Frank Knobbe'; security-basicssecurityfocus.com;
    > focus-mssecurityfocus.com
    > Subject: RE: Accessing mail from the web
    >
    >
    > My IIS systems were also not affected by Code Red, and I did not need to
    > apply the patch. I simply removed the .ida mapping, unregistered the DLL
    > and then renamed it. If I had anything running index server I would have
    > used the patch.
    >
    > > -----Original Message-----
    > > From: Andrew Langton [mailto:andrew.langtonBabcockBrown.com]
    > > Sent: Wednesday, August 15, 2001 11:58 PM
    > > To: 'Frank Knobbe'; security-basicssecurityfocus.com;
    > > focus-mssecurityfocus.com
    > > Subject: RE: Accessing mail from the web
    > >
    > >
    > > So how did you avoid the Code Red worms? The way I understand it, they
    > > worked by utilising the .ida vulnerability - that works over port 80.
    > >
    > > > -----Original Message-----
    > > > From: Frank Knobbe [mailto:FKnobbeKnobbeITS.com]
    > > > Sent: Wednesday, August 15, 2001 9:59 AM
    > > > To: 'Andrew Langton'; 'RH'; security-basicssecurityfocus.com;
    > > > focus-mssecurityfocus.com
    > > > Subject: RE: Accessing mail from the web
    > > >
    > > >
    > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > Hash: SHA1
    > > >
    > > > > -----Original Message-----
    > > > > From: Andrew Langton [mailto:andrew.langtonBabcockBrown.com]
    > > > > Sent: Tuesday, August 14, 2001 5:16 PM
    > > > >
    > > > > Therein lies the problem.... we don't really have the resources
    > > > > to put into constantly patching both Windows and IIS if the
    > > > > servers are exposed. Our aim is to make the system as unexposed
    > > > > as possible.
    > > >
    > > > Andrew,
    > > >
    > > > you need to get used to the fact that you HAVE to accept a certain risk
    > > > level. If you want to play it bullet-proof and 100% safe, then you
    > > > need to keep the box disconnected from the network.
    > > >
    > > > If the system is properly hardened in the beginning and configured
    > > > well, you don't have to put every patch on it. I had systems (of my
    > > > own and client systems) that were not patched against Code Red.
    > > > However, they were not vulnerable because the systems were set up
    > > > properly in the beginning (remove stuff, incl. IIS mappings, that
    > > > aren't needed; correctly configured firewall; properly hardened
    > > > system; etc.)
    > > >
    > > > A web server for OWA, that accesses an Exchange server on a different
    > > > box, can be slimmed and hardened quite well. I see your reaction as a
    > > > fear of the unknown. I suggest you review a couple NT hardening
    > > > guides and build the machine while repeating the lines "I will remove
    > > > what I don't need, I will remove...".
    > > >
    > > > Again, if the system is properly set up, you don't need to have a lot
    > > > of resources babysitting that box.
    > > >
    > > > Regards,
    > > > Frank
    > > >
    > > >
    > >
    >

    This email message may contain information that is confidential and
    proprietary to Babcock & Brown or a third party. If you are not the
    intended recipient, please contact the sender and destroy the original and
    any copies of the original message. Babcock & Brown takes measures to
    protect the content of its communications. However, Babcock & Brown cannot
    guarantee that email messages will not be intercepted by third parties or
    that email messages will be free of errors or viruses.
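
Added example, not part of the original thread: a small audit of IIS script mappings against an allow-list, the "remove what you don't need" step that both replies above describe. The `extension,handler,flags,verbs` line layout, the sample mappings and the `ALLOWED` set are assumptions constructed for illustration, not an export from any system mentioned in the thread.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: one mapping per line, "extension,handler,flags,verbs..."
SAMPLE_SCRIPT_MAPS = r"""
.asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE
.ida,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST
.idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST
.htw,C:\WINNT\System32\webhits.dll,3,GET,HEAD,POST
.htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST
.printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST
"""

# Hypothetical policy: the only extension this web front end needs.
ALLOWED = {".asp"}


def parse_script_maps(text):
    """Parse mapping lines into dicts; reject lines that are not mappings."""
    maps = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().strip('"')
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) < 3 or not parts[0].startswith("."):
            raise ValueError(f"line {n}: not a script mapping: {line!r}")
        maps.append({"ext": parts[0].lower(), "handler": parts[1],
                     "flags": parts[2], "verbs": parts[3:]})
    return maps


def audit(maps, allowed):
    """Return (extensions to unmap, handler DLLs no allowed extension uses)."""
    allowed = {e.lower() for e in allowed}
    to_remove = sorted(m["ext"] for m in maps if m["ext"] not in allowed)
    users = defaultdict(set)
    for m in maps:
        users[basename(m["handler"]).lower()].add(m["ext"])
    # A DLL with no remaining allowed mapping is a candidate for the
    # "unregister and rename" step described in the reply above.
    orphaned = sorted(d for d, exts in users.items() if not exts & allowed)
    return to_remove, orphaned


if __name__ == "__main__":
    remove, orphaned = audit(parse_script_maps(SAMPLE_SCRIPT_MAPS), ALLOWED)
    print("Unmap:", ", ".join(remove))
    print("Handlers left unreferenced:", ", ".join(orphaned))
```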