Re: W32.Blaster.Worm

From: Bill Pitz (dakota@billpitz.com)
Date: Tue Aug 12 2003 - 15:57:09 EDT


On Tue, 12 Aug 2003 15:49:31 -0400, kenneth@berntsen.cc ("Kenneth
Berntsen") wrote:
>Okay so if you have a firewall you should only have necessary ports open
>for incoming traffic.
>
>You should have been blocking all of the ports listed below if you didn't
>then why bother with a firewall?

The best way is to block everything and then specifically allow only
what you need.

>Also if you're running a Microsoft OS you should be subscribed to the
>Microsoft Security Bulletin. I got a notice about this problem over a
>month ago, the patch has been available since July 16th.

Agreed. Either that or check Windows Update on a weekly basis. Or
both.

>BTW if you run Linux you should be subscribed to one of the Linux security
>bulletins.

Definitely! You should really be subscribed to the list for your
particular distribution so you know when they release the fixed
packages.

On the other hand, I've made (and continue to make) a lot of money
cleaning up hacked Linux servers because people were sloppy with the
updates (or didn't do any updates at all). Far too many people think
that once they install Linux, they're not vulnerable to any attacks.
That simply isn't the case. While you aren't vulnerable to the
Windows exploits, you are vulnerable to the whole array of Linux/Unix
exploits which vary depending on what services you are running.

>Let's all try to practice safe computing and the internet will be a much
>better place. ;)

Ain't that the truth.

-Bill

</OT> :-)


