RE: [FW1] Code Red: What security specialist don't mention in warnings
Are you done with your preaching? 'cause I want to know when the picnic starts so I can get in the food line...

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Wolfgang Kueter
Sent: Thursday, August 02, 2001 7:11 PM
To: [email protected]
Subject: Re: [FW1] Code Red: What security specialist don't mention in warnings

Frank Knobbe wrote:

> I'm sure you have heard and read plenty of warnings about the Code
> Red worm, which is supposed to awake again. [...]

Actually I find Code Red warnings mostly boring.

> Many security experts and organizations are recommending to apply the
> patch from Microsoft in order to prevent the worm from infecting the
> web server. And while patching a system is an important step, that
> seems to be all they are recommending.

I'd recommend another solution:

1. Backup the whole web server html directory tree
2. Power down machine
3. Insert open source uni#-style OS bootable CD (FreeBSD or Linux should do), boot machine, delete all windows partitions on all hard disks during installation.
4. Install OS, switch off every unnecessary service
5. Install apache
6. Configure apache
7. Restore html tree from backup files
8. Forget about Code Red

> Everyone appears to be focusing on the patch.

I'd rather focus on using another system.

> a) Download and install the patch from Microsoft (available at
> http://www.microsoft.com/technet/security/bulletin/MS01-033.asp).
>
> b) In addition, review your firewall rules and make sure your web
> server can not establish connections to the Internet. If you have not
> protected your web server with a firewall, this worm may give you
> another incentive to do so.
>
> There are certainly other steps and precautions that can be taken.

Yes, especially doing fdisk and replacing win2000/NT IIS by something else.

> However, above are the most effective in regards to the Code Red
> worm.

The most effective way regarding Code Red, E-Mail worms like Hybris and most of all the other malware is simply to avoid using any software coming from Redmond.

Wolfgang

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================