|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Remo Cornali (remo.cornali
alice.it)
Date: Fri Jun 05 2009 - 04:02:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
R. DuFresne ha scritto:
> something solid on the actualy threat from internal users and admins?
>
A few years ago, the network of one of Italy's biggest publishers of
newspapers and books
went titsup.
The Code Red worm had infected all internal IIS web servers.
The network was behind an adeguate firewall. How could the worm have
penetrated the firewall?
A simple answer: it did not.
A consultant had brought his laptop with him and had connected it to
the net.
His laptop had been infected with the Code Red worm, and so the firewall had
simply been bypassed.
Since then, policies have been updated, and you cannot connect to the
network, if your
MAC address is not known to the admins.
Ciao!
Remo
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]