
RE: [FW1] Code Red: What security specialist don't mention in warnings



Are you done with your preaching? 'cause I want to know when the picnic
starts so I can get in the food line...

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Wolfgang Kueter
Sent: Thursday, August 02, 2001 7:11 PM
To: [email protected]
Subject: Re: [FW1] Code Red: What security specialist don't mention in
warnings



Frank Knobbe wrote:

> I'm sure you have heard and read plenty of warnings about the Code
> Red worm, which is supposed to awake again. [...]

Actually I find Code Red warnings mostly boring.

> Many security experts and organizations are recommending to apply the
> patch from Microsoft in order to prevent the worm from infecting the
> web server. And while patching a system is an important step, that
> seems to be all they are recommending.

I'd recommend another solution:

1. Backup the whole web server html directory tree
2. Power down machine
3. Insert open source uni#-style OS bootable CD (FreeBSD or Linux
should do), boot machine, delete all Windows partitions on all hard disks
during installation.
4. Install OS, switch off every unnecessary service
5. Install apache
6. Configure apache
7. Restore html tree from backup files
8. Forget about Code Red

> Everyone appears to be focusing on the patch.

I'd rather focus on using another system.

> a) Download and install the patch from Microsoft (available at
> http://www.microsoft.com/technet/security/bulletin/MS01-033.asp).
>
> b) In addition, review your firewall rules and make sure your web
> server can not establish connections to the Internet. If you have not
> protected your web server with a firewall, this worm may give you
> another incentive to do so.
>
> There are certainly other steps and precautions that can be taken.

Yes, especially doing fdisk and replacing win2000/NT IIS by something
else.

> However, above are the most effective in regards to the Code Red
> worm.

The most effective way regarding Code Red, E-Mail worms like Hybris and
most of all the other malware is simply to avoid using any software
coming from Redmond.

Wolfgang


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================




   All contents © 2004 Network Presence, LLC. All rights reserved.