Re: Is there any point to full host names in /etc/hosts ?
- From: David Brown <david.brown@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 11 Nov 2007 23:06:02 +0100
Bit Twister wrote:
On Thu, 08 Nov 2007 09:27:28 +0100, David Brown wrote:
Given the size of our company, and the openness and freedom we like to have, together with the technical abilities of the users (they are at least fairly competent, and have no problem following rules and guidelines), we have a rather different view. People are free to use browsers as they want, as long as they are responsible. Using non-IE browsers means they have to work harder to get malware onto their machines - having a virus scanner in the path would make it even harder.
Responsible is no longer safe. Safe being a relative term.
Black hats/crackers are cracking content servers to deliver their malware.
With new malware generated every 20 minutes, just how safe could your
virus scanner be? Saw a virus report where 600,000 known pieces of
malware were used to test scanners. Best scanner result was somewhere
around .7% missed. You do the math.
Virus scanners are like seat belts: they do pretty well, depending on the crash.
Think about it. AV vendors have to catch the malware, generate
signature or modify the scanner, test it, move it to production, you
have to download it. There is a 1 day to 1 week hole there at best.
Malware coders are morphing the server strings which makes scanners
pretty inefficient.
AV vendors are scanning sites for malware. Malware vendors are using
black lists to serve up malware if the IP is not in the AV vendor
black list. Makes it harder for the AV vendor to get a copy of the
latest malware.
Here, http://sla.ckers.org/forum/read.php?3,44 click "Last" in the goto page bar and work backwards. Check the names of sites with holes in their code.
What's the worst that could happen on your site? Malware gets a password sniffer installed and calls home. Black hat puts in some back doors, virus scanner cleans out the sniffer. Your site is then used to spend a million or so dollars with stolen credit cards or funnel money to Alcadia, and your systems are hauled off to jail for a year or so. :-D
Have you checked on your lawyer's hourly rate lately?
With that level of paranoia, what's the point of having anything connected to the internet? You make it sound as though there are gangs of crackers working round the clock on ways to break into my networks, using a combination of essentially unrelated client and server attacks.
In reality, client attacks (viruses by email, trojans by browser, etc.) and server attacks (exploiting weaknesses in web sites, etc.) are distinct, as are network attacks such as worms or ssh password cracking. There may be some connections (hacked servers used to spread trojans, etc.), but security methods are fundamentally different because you are dealing with different machines, different types of software, and different types of user.
There are also different types of crackers. Some are just messing around for fun, others are attacking specific servers or users, and others want control of as many different machines as possible.
For protection against script kiddies, the main thing is to protect against common and obvious flaws in the servers. If a script kiddie is trying to break into an ssh server, then strong passwords combined with limited connections per minute will foil them and they'll try a different victim. The same applies to organised groups - there are enough easily cracked systems around. Solid security measures such as minimising the software running on a server, isolating "risky" parts from more essential parts, etc., limit the risks. For my network, the risk of a targeted attack is negligible.
As for email attacks such as viruses, it's important to combine stripping of all Windows executable files with virus checking of containers such as zip files, and to educate users about safe use. Similarly, for protecting against malware from browsers, user education (such as never use IE) is essential, and technical measures such as virus scanning or blocking known malware sites add an extra hurdle for the bad guys.
All in all, security is a process of minimising the risks while giving the functionality users want (or as close to it as possible). You can never be entirely safe while connected in some way - but it's far from impossible to reach the point where network security is a minimal worry for a company or user.
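The mail-side measure in the post above (strip Windows executables, and look inside zip containers rather than trusting the file name) as an added worked example. This is editorial example code, not part of the thread and not either poster's setup. It identifies PE images by their MZ/PE headers so a renamed `invoice.txt` inside a zip is still caught, recurses into nested zips up to a fixed depth, and flags encrypted members it cannot inspect. The blocked-extension list, the size and depth limits, and the sample message are all assumptions constructed for the demonstration.

```python
"""
Added example (not from the original thread): reject Windows executables
attached to mail, including ones hidden inside zip containers, by content
rather than by file name. The sample message is constructed inline.
"""
from __future__ import annotations

import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed policy: these extensions are stripped outright; the content checks
# below are what catch a renamed executable.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".cpl",
                      ".msi", ".bat", ".cmd", ".vbs", ".js"}
MAX_ZIP_DEPTH = 3                     # assumed limit on zip-in-zip nesting
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # assumed cap on a member's declared size


def is_pe_executable(data: bytes) -> bool:
    """True if data is a Windows PE image: an 'MZ' DOS header whose e_lfanew
    field (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_bytes(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return a list of findings for one payload (empty means clean).
    Zip containers are opened and each member scanned recursively."""
    findings: list[str] = []
    lower = name.lower()
    if any(lower.endswith(ext) for ext in BLOCKED_EXTENSIONS):
        findings.append(f"{name}: blocked extension")
    if is_pe_executable(data):
        findings.append(f"{name}: PE executable by content")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_ZIP_DEPTH:
            findings.append(f"{name}: zip nested deeper than {MAX_ZIP_DEPTH}, rejected")
            return findings
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:
                    # Encrypted member: a scanner cannot see inside, so flag it.
                    findings.append(f"{member}: encrypted zip member, cannot be scanned")
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"{member}: declared size too large, rejected")
                    continue
                findings.extend(scan_bytes(member, zf.read(info), depth + 1))
    return findings


def scan_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and scan every part that carries a file name."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue
        payload = part.get_payload(decode=True) or b""
        findings.extend(scan_bytes(name, payload))
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail (not a real sample): a zip attachment holding a
    minimal PE header renamed to 'invoice.txt', plus a bare '.scr' attachment."""
    fake_pe = bytearray(0x100)
    fake_pe[:2] = b"MZ"
    struct.pack_into("<I", fake_pe, 0x3C, 0x80)   # e_lfanew -> 0x80
    fake_pe[0x80:0x84] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", bytes(fake_pe))
        zf.writestr("readme.txt", "plain text, harmless")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"not really code", maintype="application",
                       subtype="octet-stream", filename="run.scr")
    return bytes(msg)


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

The content check matters more than the extension list: a gateway that only strips `.exe` lets `invoice.txt` through, while the MZ/PE check rejects it wherever it sits in the container tree. Encrypted zip members are reported rather than silently passed, since neither this code nor a virus scanner can inspect them.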