Re: Patch all those windows boxes
Yes, we have change management and tons of over the top RFC processes though none of my servers have to deal with them (nor are any of them running Windows).
However both here and at many other HEIs there are domain controllers operating AD accounts for many thousands of uncontrolled users, including public and guest accounts. This'll be very fun for them to deal with - given there'll be a distribution of tens of thousands of student accounts and any staff member has the ability to auto-create guest accounts for anyone who walks off the street without requiring approval. Public libraries and the like will likewise be highly vulnerable. Makes that other incident at an institution-who-shall-not-be-named that recently found some hardware keyloggers plugged into the back of their corporate machines seem pretty tame in comparison.
Re: Patch all those windows boxes
Network/traffic monitoring and applying related snort rules (or similar) is the best bet for stopping these. These days there is a market for selling efficient rules quickly, so companies and organisations that subscribe to various services are better prepared than others that might wait for public info. Might not be so bad for your lot due to this :)
These rules are not always perfect at first though.
Re: Patch all those windows boxes
Sadly our border firewalls are too primitive to do much deep filtering, plus we have a global block-inbound rule anyway which helps against many server-side vulnerabilities.
Regardless I just look after the research servers and nobody really cares if they break. We've yet to suffer any detectable compromise, almost miraculous considering I caught somebody running phpMyAdmin on a public server yesterday with the username and password set to 'root' and 'root'. I may need to dig out the good ol' LART. But seriously, human error (aka PEBKAC) is generally a bigger problem than many of these mentioned vulnerabilities for organizations that don't really have any commercially sensitive information.
All Posts and Content are © Cable Forum