Still need to patch?

[Guest]

Archived from groups: comp.security.firewalls (More info?)

We are a small business running Windows 2000 Pro and Server. We are
behind a Cisco firewall. How critical is it to run the Windows
updates? Will the firewall protect against the Windows
vulnerabilities? We have a strange problem where SUS and Automatic
Updates will not run because we have Office installed from a network
Admin image. MS could not figure out the issue.

Are we safe or not?

Bill

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

You need to patch the OS. Security is in depth, not only at the perimiter.
Does anybody ever come into the office with a laptop? Does anybody ever
read email? Yes? Then you need those desktops and servers patched.

If I had <some small amount of money> for every time I saw a network that
didn't take security in depth into account and had problems (hence my seeing
the network), I could <insert some not so exaggerated spending example>.

If you can do windows update, download the individual patches and apply them
after having good backups of your servers.


--
********************************************
Wayne Smith, CNE/MCSE/CCNP/CCDP/CSS1/Linux+
Advanced Computer Connections
http://www.accnorwalk.com

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <f13c1f0d.0405050440.76543ce7@posting.google.com>, bshort1023
@yahoo.com says...
> We are a small business running Windows 2000 Pro and Server. We are
> behind a Cisco firewall. How critical is it to run the Windows
> updates? Will the firewall protect against the Windows
> vulnerabilities?

You still new the Updates, do them every couple days or at least once a
week.

> We have a strange problem where SUS and Automatic
> Updates will not run because we have Office installed from a network
> Admin image. MS could not figure out the issue.

I've seen this a zillion times. Someone installs Office from a share,
the share is removed (or it was a the shop where they built the systems)
and the install files are no longer available, even another CD won't
help... I've called MS, hacked the registry, etc... Short of wiping the
computer there is little that can totally fix the problem - I was able
to get another version to install, but the updates kept looking for the
old Admin install files/location on the network.

> Are we safe or not?

If you are not doing updates, including Office updates, you are not
safe. In reality you should assume that you are always vulnerable and
everything is suspect, that will cause you to be more careful when you
do anything.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Bill Short wrote:
> We are a small business running Windows 2000 Pro and Server. We are
> behind a Cisco firewall. How critical is it to run the Windows
> updates? Will the firewall protect against the Windows
> vulnerabilities? We have a strange problem where SUS and Automatic
> Updates will not run because we have Office installed from a network
> Admin image. MS could not figure out the issue.
>
> Are we safe or not?

You are NOT.

All it takes is one user with a laptop, or a mode change on the
Sasser distro, from net worm to email worm . . . and GOTCHA!

Unless you have personal firewalls on each machine, a single
infected machine inside your network will rapidly result in a
completely infected network.

Keep in mind that many of the viruses released in the last 6
months have achieved major penetration BEFORE the major AV
companies had sigfile updates available. (Yet another reason
to 'hide' Mozilla behind that ubiquitous 'e' icon, and
Thunderbird, behind the Outlook icon!)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Bluto <arf-arf@doubleclick.net> wrote in message news:<6didnWv1oOgm1wfdRVn-sQ@comcast.com>...
> Bill Short wrote:
> > We are a small business running Windows 2000 Pro and Server. We are
> > behind a Cisco firewall. How critical is it to run the Windows
> > updates? Will the firewall protect against the Windows
> > vulnerabilities? We have a strange problem where SUS and Automatic
> > Updates will not run because we have Office installed from a network
> > Admin image. MS could not figure out the issue.
> >
> > Are we safe or not?
>
> You are NOT.
>
> All it takes is one user with a laptop, or a mode change on the
> Sasser distro, from net worm to email worm . . . and GOTCHA!
>
> Unless you have personal firewalls on each machine, a single
> infected machine inside your network will rapidly result in a
> completely infected network.
>
> Keep in mind that many of the viruses released in the last 6
> months have achieved major penetration BEFORE the major AV
> companies had sigfile updates available. (Yet another reason
> to 'hide' Mozilla behind that ubiquitous 'e' icon, and
> Thunderbird, behind the Outlook icon!)


We have personal firewall on all laptops and the laptops run Automatic
Updates. The servers also run Automatic Updates. Also have an email
filter which scans for viruses and Exchange Server behind that
scanning for viruses. McAfee on all PC's with internet access.

I do get the point though, too much security is never a bad thing. I
have been considering Mozilla.