Curing a Corporate Virus Infection 346
museumpeace writes "Over at Internet Storm Center Deb Hale's 'In search of the bot net' entry for September 25 recounts a grueling hunt for all the .exe's, reg entries and sources for a bot infection of a 60 server corporate network. What a nightmare! The story ends with an indictment of careless users and a suspicion that Ares, one of the sloppier Pirate2Pirate filesharing tools was the original source of the extensive corruption that eventually even crippled the AV tools. How typical is this sort of grief? [More frequent than reported, I would expect: the corporate victim demanded anonymity for the story to be told]."
Pirate to Pirate? (Score:5, Insightful)
Pirate to Pirate?-Piss to pot. (Score:3, Insightful)
YEAH! Let's badmouth only the ones used to transport "pirated" material.
Re:Pirate to Pirate? (Score:5, Interesting)
I'm bloody well sick and tired of the piracy argument. The most succinct argument about the permission culture that we are moving towards is put by Lessig in "Free Culture". We have this view that because something has value, that it equates to right. Look, if I bloody well want to share files, it is not obvious that I am "stealing" from anyone.
Example: When photography first became relatively widespread, it was not clear whether someone was in their right to take pictures of people or buildings without permission. After all, the photographer might be getting something of value, so perhaps they should ask permission. Now, ask yourself, what would the culture be like right now if whenever you wanted to take some vacation photos, you need to get permission? Jeez, Kodak would have been just like Napster, just aiding people trying to steal other people's value.
Remember, treating sharing as stealing someone's property is *one* system for treating intellectual property but it ain't the only one and it sure as hell ain't the one that the US has had for at least its first 180 years.
Piracy? Bloody well pisses me off whenever someone uses that term!
Re:Pirate to Pirate? (Score:3, Interesting)
Please. Please take the time to understand the issue from the point of view of the artists. And please be mature enough to realize that not all artists are rich spoiled musicians.
If I create something and people use it without compensating me for my hard work and talent, then that is wrong (assuming I am asking for something in return). Maybe it's not "stealing", but it is not fair and it is wrong.
Do
Re:Pirate to Pirate? (Score:5, Insightful)
I'm a scientist. I create what you refer to as IP every day.
Please. Please take the time to understand the issue from the point of view of the artists. And please be mature enough to realize that not all artists are rich spoiled musicians.
I never said nor thought that they were all "rich spoiled musicians". Indeed, I would argue that small independent creators have more to gain from a system of distribution that bypasses the typical middle men such as publishers and record labels. I have many friends that have had book or recording contracts. I think that I would have a hard time telling these individuals whose market is likely to be small for their output that they are better off with these publishers/labels than developing alternative distribution methods. P2P is one possible distribution method and one that does not obviously equate to taking the food from the mouth of creators children.
Do you believe that anything that is not a solid object should be freely copied whenever someone wants?
Nice attempt to distort my original point. No, of course I do not. Do you believe that the only and best way that creators can make a living is by allowing a small number of media companies control distribution and use of media?
Have you really spent the time to think about what that would really mean?
Yes. Have you?
Re:Pirate to Pirate? (Score:3)
Re:Pirate to Pirate? (Score:3, Insightful)
Originality (Score:3, Insightful)
How much of the work is truly original? Most artists draw heavily upon a shared cultural heritage and public domain to create new works. It's a bit hypocritical to make use of that heritage and then scream "It's mine! All mine! Nobody else can ever look at it or listen to it without paying me for the privilege."
Re:Pirate to Pirate? (Score:3, Insightful)
Why do you think continually receiving remuneration for "hard work" you did once - up to and beyond the end of your life - is "right" ?
I mean, most people go out, do a days work, and get paid for it - why do you think "artists" should be paid for a days work over and over and over again
Re:Pirate to Pirate? (Score:3, Interesting)
Bullshit.
There is nothing in the theory of property or the history and evolution of the human species and economic social behavior which supports this notion.
Nothing.
Period.
As for "copying anything not a solid object", what the fuck do you think people are going to do when nanotech allows you to copy ANYTHING - including solid objects?
There is no such thing as "intellectual property" - exc
Re:Pirate to Pirate? (Score:5, Insightful)
Re:Pirate to Pirate? (Score:3, Insightful)
Look, here's how the law works now: It's VERY simple, and all these arguments just gloss over the fact of it:
IF YOU CREATE THE MATERIAL, YOU CAN DO WHATEVER YOU WANT WITH IT. IF YOU DO NOT CREATE THE MATERIAL, YOU CAN DO ONLY WHAT CREATOR SAYS YOU CAN.
Lucas created Star Wars. You can whinge on and on about how he 'ruined' i
Re:Pirate to Pirate? (Score:5, Insightful)
According to you I'm a horrible horrible person for not working my life away to let you have all the fun you want while I live in squalor. Gee, thanks. I don't understand how I completely misunderstood my place in life all these years! You, the one with no talents but a freely available file sharing program get everything while I, the educated, hard working person with a great idea and the means to produce it must be resigned to a life of crap.
Do you enjoy going through life being a complete and total self-centered, cheap ass bastard?
Re:Pirate to Pirate? (Score:3, Informative)
He certainly was paid big money for it. Da Vinci worked on commission, and for specific people most of his life, including the Pope, the Duke Of Milan and others.
Learn some history.
Re:Pirate to Pirate? (Score:4, Insightful)
It still is mostly used as a pirate to pirate network.
Blame the users, not the network.
Re:Otherwise B2B... (Score:2)
Re:Pirate to Pirate? (Score:3, Insightful)
Your analysis is not only faulty, it is unsubstantiated opinion. There have been numerous examples in the trade, on the Internet, and brought forth in recent civil suits that say with one voice: "You are wrong. There are many uses for p2p. Its very success speaks to that."
not justify the rampant sharing of unauthorised copies of private works.
The legitimate uses don't have to "justify" those activities. The legitimate uses stand on their own, justif
So the Internet is used mostly for pirating. (Score:2)
Like Warez HTTP and FTP sites don't exist. Or people don't email each other software. Or you can't find it on USENET.
Oh wait, should we ban all Internet traffic?
Oh wait, NO WE DON'T YOU FUCKING TWAT!!!
WE GO AFTER THE PEOPLE USING THE TECHNOLOGY INAPPROPRIATELY!
Re:Pirate to Pirate? (Score:2)
Re:Pirate to Pirate? (Score:2)
I don't agree. Piracy has no place on corporate networks. Porn has no place on corporate networks. But, despite making up a very high percentage of the traffic on P2P networks, these two are not the only uses of such networks.
As a business user who frequently uses P2P networks to transfer large files between my office and home machines, I can assure you that there are legitimate uses, and that in many cases these are more convenient than the alternatives.
Re:Pirate to Pirate? (Score:4, Informative)
I think that the dangers outweigh the advantages of using P2P for that. Some guy has been advertising this site http://www.foundonp2p.com/ [foundonp2p.com] that shows private data that can be found on p2p networks.
For moving stuff back and forth from home, I'd think that you'd be better off having IT set up a secure FTP site than P2P.
Re:Pirate to Pirate? (Score:3, Informative)
We have an application that automatically encrypts the files we might want to transport using 3DES, and PGP e-mails the SHA1, randomised filename and key to the potential recipients before putting the file into a gnutella public directory. This seems secure to me.
I agree, if you don't know what
Re:Pirate to Pirate? (Score:2)
Re:Pirate to Pirate? (Score:2, Interesting)
Most files available? Fastest downloading? Nicest looking interface?
Just because a p2p network is efficient and easy to use, and therefore insecure, doesn't mean it's the best
Re:Pirate to Pirate? (Score:2)
That's bull. You normally have one, maybe two ports open to incoming, and exploits have been rare. The insecurity normally revolves around 1) morons who share their entire HD, or 2) morons who download L33t Pr0n War3z without considering that "NudeBritneyAndWarthog.scr" may not be a benign file. (Some p2p progs attempt to foolproof themselves by limiting the folders that can be shared, and blocking files with executable
It's easy to blame the users... (Score:4, Insightful)
And security always includes usage policies.
Re:It's easy to blame the users... (Score:2)
that user should not have had the privileges to install software in the first place.
Re:It's easy to blame the users... (Score:4, Interesting)
Users probably broke some internal rule about not installing external software and are certainly not blameless, but the ultimate job and responsibility of admins is to administrate. The admins let them have the right to install programs and seemingly didn't enforce/check logs to see what users had been installing.
Re:It's easy to blame the users... (Score:2)
an indictment of careless users and one of the sloppier Pirate2Pirate filesharing tools
Certainly suggests some prejudice from the story poster - to me this episode sounds like an indictment of careless admins. Why they jump on P2P being pirate I don't know, but I point out that if the story poster was related to the case, failed to acknowledge they are a related party, and the case ends up in legal proceedings, they may have prejudiced the whole thing.
Re:It's easy to blame the users...Cake talk. (Score:2, Interesting)
Rules are clearly stated - enforce them or if you want to let users have more freedoms then keep and monitor detailed logs on what they do with these 'rights'.
You seem to demonstrate an immature attitude and lack of respect for users - if you are an admin you are employed because you are a specialist and it is better for you to be the sin
Re:It's easy to blame the users...Cake talk. (Score:3, Insightful)
Ok, then whose fault is this:
IT: We need to implement $securityrule.
CEO: No.
IT: But it will prevent $securityproblem.
CEO: No.
IT:
Or this:
IT: $User violated a security rule. They should be reprimanded.
CEO: No, we don't want to piss them off.
IT: But it was in the employee handbook, and they signed a statement saying they'd follow the rule.
CEO: Get back to work, shouldn't you have a microch
Re:It's easy to blame the users...Cake talk. (Score:5, Insightful)
Self-Discipline can be overwhelmed by rules. If you tack on all the Computer Rules to all the other rules (on Harassment, on Job-Requirements, etc) you rely on someone to remember a long list of do's and don'ts.
But a healthy admin policy will restrict the user without requiring her to remember what's acceptable and what's not acceptable, and why, and all that.
Who gives diddly what you think about your screensaver. That doesn't help you do your work.
Re:It's easy to blame the users... (Score:2)
Development machines and/or machines with sensitive info should be isolated from the corporate network, either by firewall restrictions, or by epoxy in the ethernet port. You're right, it's not an option; it's mandatory. Guess who's to blame when the "shit happens?"
Re:It's easy to blame the users... (Score:5, Insightful)
And how they handle that shows how good they are. (Score:2)
-or-
#2. Convince management to give you some funding/equipment to implement network security upstream of those insecure PC's.
The next question is WHAT you'd implement and HOW you'd do so and HOW you'd monitor it.
Anyone can throw a bunch of PC's on a hub and claim to have setup a "network". It's the added security and monitoring that differentiates the best from the worst.
Re:It's easy to blame the users... (Score:2, Interesting)
When something goes wrong, they surely deserve the blame.
Re:It's easy to blame the users... (Score:2)
Re:It's easy to blame the users... (Score:5, Informative)
1.) Desktop machines can use windows
2.) Servers must be unix based.
The user can corrupt the hell out of their hard disk, and they have only themselves to blame.
Re:It's easy to blame the users... (Score:2)
1.) Desktop machines can use windows
2.) Servers must be unix based.
The user can corrupt the hell out of their hard disk, and they have only themselves to blame.
While I agree that this provides a very good level of isolation between clients and servers, it doesn't take care of maintaining the client systems and it doesn't take care of every issue. Maintaining client systems is a PITA. A well run server should be little trouble.
Isolation between
Re:It's easy to blame the users... (Score:2)
1) Desktop machines can use Mac OSX (Mail.app, Microsoft Entourage, Lotus Notes [lotus.com])
2) Servers can be Solaris, OS/400, Linux ( Lotus Domino [lotus.com]) or FreeBSD
Mac OSX by default is much more locked down than XP. Forget using any version of Windows prior to 2000. I don't like the idea of allowing my users to shoot themselves in the foot. Both servers and client should be locked down, with the server having a few extra levels of protection if its
Re:It's easy to blame the users... (Score:5, Interesting)
We've had a number of keylogger viruses and such pop up on local machines, even from machines with restricted permissions (i.e. can't even write to C:). I don't know what's wrong with XP, but this looks to be a pretty big flaw.
It's the "missing sandbox" principle (Score:2)
Just out of curiosity, have you had similar problems under Win2K, or are you just seeing this with XP?
Re:It's the "missing sandbox" principle (Score:2)
Luckily, we have really good network administrators (Just a grunt tech here) and usually we can track down, isolate and kill infections before they can pose too much of a threat to other machines. We did have a couple copies of the latest Bagle running around, and that was no fun, but at least it didn't install itself into the system's shared-library directory.
Coming from Linux, t
Re:It's the "missing sandbox" principle (Score:2)
Re:It's the "missing sandbox" principle (Score:2)
Coming from Windows, the concept is equally terrifying.
Re:It's easy to blame the users... (Score:5, Informative)
If the service that the viruses are using aren't enabled, they can't be exploited.
Here's one way to deal with this...
Isolate the client; vlan/router or yank the system and put it in an isolated environment (test lab, 2 system LAN, ...). Turn off the client XP firewall (if any), run Nessus on another system and point it at the client [nessus.org], go back to the client system and disable all services that Nessus reports -- even the ones that are not considered problems! Do any security hardening Nessus suggests. If you really need the detected services, write down what you would lose by disabling the service, what it would take to secure the service, and if there are any automated tools that can be run client side to clean up or better block hostile attacks.
Document what you needed to do, do the same to a few more systems, and then automate the process (registry files, boot scripts, policies, ...).
Re:It's easy to blame the users... (Score:2)
Re:It's easy to blame the users... (Score:4, Insightful)
It has to be some service, otherwise there would be no way to have the files inserted on the machine. Put it this way; the trojan/malware/virus/... can't inject itself onto another computer. It needs to request that the target machine do something -- allowing the program/library/registry entry/... to be installed.
(The service being exploited might even be the admin drive share, though it's more likely some of the other less obvious ones.)
Bring up the services list to get a general idea of what is running or can be run (on demand). Keep in mind that the list is incomplete and disabling a service there might not really turn it off; verify that it is really off by running nmap and nessus against the target system.
Caution: Disabling a service does not mean your systems are more secure. Many services are only local and are not exposed to the rest of the network at all. While I suggest turning most of these off, the urgency is not as high and some of them are really necessary. Most of them are crap, though. This will be a lot of work, so take notes and look for things that break.
Another gotcha: When installing updates, the services you turned off before may be turned on again without warning. (Bet on it!)
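The "verify that it is really off" step above is easiest to keep honest with a before/after comparison of the scanner's own output. The following is an added example (not the poster's code) in Python: it parses nmap's greppable output (`nmap -oG`), reports which ports closed, which are still listening after the service was "disabled", and which open ports are not on a per-host allowlist. The two scan results, the host 10.0.0.21 and the allowlist are constructed for illustration.

```python
import re
from typing import Dict, List, Set

# Constructed nmap -oG ("greppable") output for one workstation, before and
# after services were disabled in services.msc. Host address and ports are
# made up for the example.
BEFORE = """# Nmap scan (constructed sample, before hardening)
Host: 10.0.0.21 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 5000/open/tcp//UPnP///\tIgnored State: closed (1656)
"""
AFTER = """# Nmap scan (constructed sample, after hardening)
Host: 10.0.0.21 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 5000/open/tcp//UPnP///\tIgnored State: closed (1657)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\t|$)")
# Fields are port/state/protocol/owner/service/rpc/version. Only ports in
# state "open" count; "open|filtered" from UDP scans is deliberately excluded.
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)//([^/]*)/")


def parse_greppable(text: str) -> Dict[str, Set[int]]:
    """Map each scanned host to the set of TCP ports nmap saw as open."""
    hosts: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status: Up" lines carry no ports
        host, ports = m.groups()
        hosts[host] = {int(p) for p, proto, _svc in PORT_RE.findall(ports) if proto == "tcp"}
    return hosts


def diff_scans(before: Dict[str, Set[int]], after: Dict[str, Set[int]]) -> Dict[str, Dict[str, List[int]]]:
    """Which ports closed, stayed open, or appeared between two scans."""
    result: Dict[str, Dict[str, List[int]]] = {}
    for host in sorted(set(before) | set(after)):
        b, a = before.get(host, set()), after.get(host, set())
        result[host] = {
            "closed": sorted(b - a),
            "still_open": sorted(b & a),  # disabled in the GUI but still listening?
            "new": sorted(a - b),         # an update may have switched something back on
        }
    return result


def unexpected_open(scan: Dict[str, Set[int]], allowed: Dict[str, Set[int]]) -> Dict[str, List[int]]:
    """Open ports not on the per-host allowlist; this is the remaining work list."""
    out: Dict[str, List[int]] = {}
    for host, ports in scan.items():
        extra = sorted(ports - allowed.get(host, set()))
        if extra:
            out[host] = extra
    return out


if __name__ == "__main__":
    before, after = parse_greppable(BEFORE), parse_greppable(AFTER)
    print(diff_scans(before, after))
    # Constructed allowlist: this workstation only needs 445 reachable.
    print(unexpected_open(after, {"10.0.0.21": {445}}))
```

In the sample, 139 went away but 5000 (UPnP/SSDP) is still listening after "disabling" it, which is exactly the case the post warns about: the services list and the network view disagree, and the network view is the one that matters. Re-running the after-scan following every patch cycle catches services that updates turn back on.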
Doesn't happen here (Score:5, Interesting)
# uname
Linux
# iptables -P INPUT DROP
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# exit
$
Re:Doesn't happen here (Score:2)
I remember when you could map a drive from Windows to \\ftp.microsoft.com\data
I like your sig....
but now, with a bit more work, it's still pretty easy to map a drive from Windows to
\\security-through-obscurity.microsoft.com\os\l
It's kinda odd though - there's very little C code, but a lot of
Re:Doesn't happen here (Score:2, Informative)
This is the Switch User command (some call it the SuperUser cmd) which switches you to be the root administrator by default. The dash just means that your environment is setup as if you had logged in as this user, so that things like the PATH variable include /sbin and /usr/sbin if it didn't already.
`uname' prints the system type that you are running. The -o flag tells it to only output the generic Operating System name, which in this i
Re:Doesn't happen here (Score:2, Informative)
Protected Ports (Score:5, Informative)
Essentially, it prevents the indicated ports on the switch from communicating with other ports that also have that protection set. Unless you have sloppy shared directories or some reason for the actual PC's to talk directly to each other, it won't harm anything and will prevent the viruses from spreading pc-to-pc once (not when) they get in.
Re:Protected Ports (Score:2)
Control your network. (Score:5, Interesting)
Every time there's a big ass Windows vulnerability, there are security emails and IT manager emails basically saying "heads up, check your shit." But let's say somebody doesn't check his shit, and a site ends up infected. The WAN group watches the network, especially during times like this, and nodes are just dropped off routing from the rest of the network until they get their act back together.
I realize the article is talking more about the pains of these nasty new infections that mutilate machines, but the old saying works -- a good offense is a great defense. Assign local managers responsibility for the server boxen at their node, he/she should be keeping the machines patched, but when that fails, close the node off the network before it can damage anywhere else.
Of course the major server boxen have their own layer of network between them and the rest of the WAN, so they can be isolated if the worm is already rampant on the network. Doesn't hurt to access list transmission ports, either, icmp, tftp, foo...
Re:Control your network. (Score:2, Interesting)
I emailed the local IT guy from a state job that will remain anonymous about the recent jpg exploit. Told him we updated to IE6 recently and we may need the patch. 1) he didn't get back to me about it 2)I overheard him asking someone else about it. Chances are high the person had IE 5.5 installed and then he assumed everyone else would
Re:Control your network. (Score:2)
I would bet (I didn't rtfa yet) it's an issue of IT funding. The infrastructure for vlans, internal firewalls, and the appropriate access controls cost money and takes staff to manage.
Re:Control your network. (Score:2, Interesting)
While I agree with some of this, it is not always possible to just drop a remote site until they "get their act together".
In the healthcare industry for instance that would be impossible without impacting patient care. You drop the site and now they can't access master patient registries, run drug interaction routines in the pharmacy systems, lookup medical records etc.
Granted there are backup procedures in place in case of catastrophes, but you have to weigh your options carefully in those environments
Re:Control your network. (Score:3, Interesting)
Re:Control your network. (Score:3, Insightful)
Engineers expect to buy shiny new manufacturing equipment and just plug-n-play with the company network. EVERYTHING runs windows now...and adding security software often is unsupported and voids the warranty of million dollar machinery!!! Heck it's hard enough just keeping vendors of systems compliant with the particulars of YOUR MS licensing agreement.
the real problem is that MS has sold business managers the promise of "commodity" PCs...they should just run to the store
Point the finger at yourself (Score:5, Insightful)
Restrict privileges. Don't allow anything that is not necessary...
Re:Point the finger at yourself (Score:5, Insightful)
We don't have the manpower to create policies on all our desktops. I know that everyone on Slashdot is going to declare that I'm incompetent, but I have no training on policies in Active Directory (I came here after managing Novell networks), and every time I start to read up on the subject, there's an emergency... someone's printer died, one of the servers is acting up, etc.
The place can't afford to hire anyone with sufficient Active Directory experience-- hell, they can barely afford to pay me. The Bonds and Levies run in this district have failed for almost the last decade.
What is your recommendation? What do I *do*?
I mean, saying that's the solution is one thing, but implementing it is another. We have some computers that need to be entirely locked-down (patient rooms), some that need to be almost entirely open (marketing and administrative), and tons that are somewhere in the middle.
Wrong approach (Score:5, Insightful)
Wrong answer. If you have a compromised system, trying to clean it is (a) likely to be really difficult, and (b) not secure.
Wipe the system, reinstall, and recover from backups. (You do keep good backups, right?) It sounds pessimistic, but in most cases an attempt to "clean" a system is going to end up with you pulling out the OS reinstall disks anyway.
That's right! (Score:2)
Your time is much better spent developing a network reimaging system so that your machines can be reverted to a known state relatively quickly.
-Peter
Re:Wrong approach (Score:2)
In addition, finding 1-2 hours of
Re:Wrong approach (Score:2)
Things like wallpapers are in the user profile, which should be synchronized with the server at every login/logout.
Where I work, PC's are just throwaway installs. In fact, I can re-install a PC with a network boot and a couple of keypresses. The user won't notice.
Users have no write permission anywhere on the C disk except in their profile ('Documents and Settings')
The 'no local data' is even a requirement, as users don't have fi
Re:Wrong approach (Score:2)
Re:Wrong approach (Score:3, Insightful)
Ok, I retract my earlier statements. Re-imaging CAN work SOMETIMES in certain situations.
Re:Right (Score:2)
Modding (Score:5, Insightful)
There are really times when I wish you could mod a submission as "Flamebait."
Re:Modding-Party line. (Score:2)
It happened to us. (Score:3, Interesting)
Since I have great respect for our IT guys (they are really scrupulous about permissions and patches), it was a sobering experience.
Treat naive users like threats (Score:4, Informative)
We had to deal with this more often than not
First off you start at the network layer, and make sure via firewalls that people can't get anywhere or use any application that will cause you grief.(p2p/streaming etc.) Then you transparently proxy all your traffic so that the guy who checks out classic-cars.com all day for backgrounds can do his thing and not screw everyone else.
Then you take every user system and you lock them down. You start out by moving all their dynamic data (that you wanna keep) to a file server. Mapping the winblows appdata/my documents gives you a wannabe roaming profile without all the garbage.
After you make all that effort you either implement a mandatory PXE re-imaging overnight (too much of a headache for us) or you use something like Deep Freeze [faronics.com] and lock down the system entirely. Due to Deep Freeze even the most zealous surfer can only horribly damage their system once a day.
Now you have an ideal environment. All changes on a system that need a reboot *must* involve a contact to the IT department, and those you think are savvy enough not to need a frozen system can do 90% of their own support.
Ok sure so your level of responsibility goes up. The pristine environment means you have plenty of opportunity to script away your work. Not to mention silly things like virus outbreaks are really limited because a frozen system need only reboot to remove the virus.
Think *pro-active.*
Re:Treat naive users like threats (Score:2)
That's what I get for not hitting preview.
Re:Treat naive users like threats - don't forget (Score:3, Insightful)
Run security audits to make sure only the chosen few have administrator rights. This is for local PCs. Domain rights should even be more tightly controlled.
Keep AV defs updated daily. Report the numbers daily to check compliance.
Remove the ability to disable AV.
Check AV logs daily. Any report should be dispatched to a tech to "fix" the PC or determine what happened to the AV and take action according
Re:Treat naive users like threats (Score:2)
So business users who are supposed to be working are "too busy" to learn proper computer use but they do have time to install P2P software and dl warez and music (which includes time to search and select)?
Re:Treat naive users like threats (Score:2)
Re:Treat naive users like threats (Score:2)
Blame? (Score:5, Interesting)
p2p software??????
Our society really suffers from a lack of taking blame.
Anybody who runs MS should know that it takes a lot of effort and money to truly lock it down. As such they should do so. It is simply part of the total cost of running a Windows system.
Re:Blame? (Score:2)
There are many valid, legal uses for P2P software. Unfortunately, many (I'd venture to say most) use it illegally. In all likelihood, the user that the poster complains about was using it that way.
But that's not what concerns me. What concerns me is that users who are willing to illegally download copyrighted musi
Re:Blame? (Score:2)
"strings" command? (Score:2)
PugsleyButt:~/devstuff/c++ jmzorko$ strings file_to_examine
It just seems to me that this would be an obvious, but fairly effective way to quickly find all the registry points (as well as DLLs and other files) that a piece off could would touch ... maybe use it in conjunction with nm as well ...
Regards,
John
Re:"strings" command? (Score:2)
s/off could/of code/g
Hey, i'm just waking up :-)
Regards,
John
Shameless plug (Score:3, Informative)
Flag on the field!!! (Score:5, Funny)
"Making up a new plural case of a word to try to sound cool", on "haxor.dk". That's a 15 yd. penalty and loss of down.
Is it just me... (Score:5, Insightful)
Re:Is it just me... (Score:2, Insightful)
Re:Is it just me... (Score:5, Insightful)
If I drive a car over a bridge, start swerving around for fun, then crash through the side guards and park said car next to a fresh-water lobster, would the government be responsible for failing to create a bridge that is capable of withstanding my driving?
If I install Kazaa, Comet Cursor, Internet Optimizer and surf porn all day long, would the IT department be responsible for the shit I create on the corporate network?
Analogies... (Score:5, Insightful)
"In a world where a private corporation could create a private bridge and set strict rules of usage for that bridge, would that private corporation be responsible for its own damages if its manager of Bridge Upkeep failed to set the readily available measures to prevent paid employees to swerve around for fun, crash through side guards and park said car next to a fresh-water lobster?"
Sounds more like this guy was just looking for an excuse to submit a story and use the term "pirate2pirate."
vlans and other isolation tools are your friends (Score:3, Interesting)
Limit access to the application/web server level at the router. Isolate workstations so that they can each see the file servers but not all other systems. If someone needs direct access to servers, they should have a real good reason (or it should be obvious; admins, developers.).
Keep in mind that I'm not suggesting that the limits be so strict that people are annoyed and attempt to break or ignore security. They should be well organized, though, and monitored. Reasonable exceptions should be made immediately, and unreasonable exceptions should be granted quickly with an eye to isolating the damage of that exception as much as possible.
Re:vlans and other isolation tools are your friend (Score:4, Insightful)
It's even more important. Do you want to chase problems every 5 minutes and waste your weekend? I don't!
Exactly my point!
Take one thing at a time, starting with your most troublesome group or servers. Don't grab the 300 client system nightmare first; look at one server and see what it depends on. Are there 10 applications running on it? Is there a way to move one or a set of them off and isolate that?
If you're getting pecked to death by ducks, start by killing one duck at a time! (Or find a smaller group of ducks to kill at a new job.)
Don't let upper management know that you're succeeding, though. They may want to get rid of the monkey.
Whats a firewall again? (Score:2, Informative)
C-O-R-P-O-R-A-T-E F-I-R-E-W-A-L-L
We used to have botnet probs in our corporate network... once we installed a Zonelabs Integrity server and were able to control what programs had access to the internet and which ones did not, it was pretty easy to fix.
Ahh, blame the users for Admins screwup (Score:5, Informative)
At work we have 20K users in the US alone. We actually don't have that bad of a time dealing with viruses and worms and the like.
Why? Because 98% of the users get pushed their virus updates and their OS updates. This includes the clueless people.
We also run network scans and know WHEN computers were updated. If the computer is connected to the network, we know what updates it has or doesn't have. The only hard part is FINDING the unpatched computers.
We also have a firewall that prevents P2P connections, FTP and anything else non web browser related (gets annoying at times).
In reading this story.. I can only assign 1% of the blame on the users and 99% of the blame on the admins for not doing a proper job.
Re:Ahh, blame the users for Admins screwup (Score:2)
I don't have nearly that many clients, but I do have the system set up to e-mail me each time signatures are updated. This includes the machine name and I kind of keep track of which ones are up to date.
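The AV audit checklist earlier in the thread ("report the numbers daily", "check AV logs daily", "remove the ability to disable AV") and the two posts just above come down to the same daily job: which hosts have current definitions, which have AV actually running, which are patched, and which have not reported at all. The following added example (not any poster's code) does that over a constructed inventory export; the CSV columns, host names, dates and thresholds are assumptions for illustration.

```python
import csv
from datetime import date
from io import StringIO
from typing import Dict, List

# Constructed sample: one row per host, as an AV/patch inventory agent
# might export it. Column names and hosts are assumptions for the example.
SAMPLE_REPORT = """\
host,av_enabled,defs_date,last_patch
ws-acct-01,yes,2004-09-27,2004-09-20
ws-acct-02,yes,2004-09-18,2004-09-20
ws-mktg-05,no,2004-09-27,2004-09-20
srv-file-01,yes,2004-09-27,2004-06-01
"""
# Constructed asset list: every host that is expected to report. A host that
# is on the network but absent from this list is the "finding the unpatched
# computers" problem; this check at least catches the ones we know about.
ASSETS = ["ws-acct-01", "ws-acct-02", "ws-mktg-05", "srv-file-01", "srv-dev-03"]
TODAY = date(2004, 9, 28)  # fixed so the example is reproducible


def check_compliance(report_csv: str, assets: List[str], today: date,
                     max_defs_age: int = 1, max_patch_age: int = 30) -> Dict[str, List[str]]:
    """Return {host: [problems]} for every host that fails a check."""
    findings: Dict[str, List[str]] = {}
    seen = set()
    for row in csv.DictReader(StringIO(report_csv)):
        host = row["host"].strip()
        seen.add(host)
        problems = []
        if row["av_enabled"].strip().lower() != "yes":
            problems.append("av-disabled")          # someone turned it off, or malware did
        defs_age = (today - date.fromisoformat(row["defs_date"])).days
        if defs_age > max_defs_age:
            problems.append(f"defs-stale:{defs_age}d")
        patch_age = (today - date.fromisoformat(row["last_patch"])).days
        if patch_age > max_patch_age:
            problems.append(f"unpatched:{patch_age}d")
        if problems:
            findings[host] = problems
    for host in assets:
        if host not in seen:
            findings[host] = ["no-report"]          # silent host: treat as non-compliant
    return findings


def summarize(findings: Dict[str, List[str]], assets: List[str]) -> Dict[str, int]:
    """The numbers to report daily: how many hosts pass and how many do not."""
    total = len(set(assets) | set(findings))
    return {"total": total, "noncompliant": len(findings), "compliant": total - len(findings)}


def sample_findings() -> Dict[str, List[str]]:
    return check_compliance(SAMPLE_REPORT, ASSETS, TODAY)


if __name__ == "__main__":
    f = sample_findings()
    for host, problems in sorted(f.items()):
        print(f"{host:12s} {', '.join(problems)}")
    print(summarize(f, ASSETS))
```

Each non-compliant host is a ticket for a tech, as the checklist says; the daily totals are the trend line that shows whether the push mechanism is actually reaching the "clueless" machines. A host that never reports should be treated as the worst case, not ignored, since a bot that kills the AV agent looks exactly like a machine that is switched off.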
more proof (Score:2, Interesting)
VLANs and Port to Port Security (Score:5, Insightful)
Re:Confirms my unease with P2P (Score:2, Insightful)
Re:Confirms my unease with P2P (Score:5, Funny)
CAN-SPAM: It's not just a horrible backronym.
Re:The root/admin flaw (Score:5, Interesting)
Another case... I used to program for a corporate environment. I was the only one who programs with conditions as to who is running the software, so I could save their data into their respective "Documents and Settings" folder, under Application Data. The rest of the developers don't care. I even set the installer to make sure only an Administrator account can install (using InnoSetup, great software).
So who's to blame? Users for running as Administrator (because they have no choice a lot of times)? Developers for not developing with multi-user environment consideration? Or Microsoft, for "hacking" Windows to become a horrible multi-user environment?
Re:The root/admin flaw (Score:3, Informative)
It's standard practice on a Windows network not to allow users administrator access. The only system that MS has ever released that encourages users to use administrator is XP Home, which is designed for home use, where that is probably more appropriate.
I find it highly implausible that the company described in the article here allowed their users to access a