[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Rick Moen rick@linuxmafia.com
Wed Jan 29 16:57:43 PST 2003


Quoting Karsten M. Self (kmself@ix.netcom.com):

> While it's fun (however unsporting) to blast away at Microsoft for its
> security deficiencies, IMO the free software world should view the
> Sapphire / Slammer worm as more a cautionary tale.  This is the sort of
> attack which _could_ potentially hit GNU/Linux or another 'Nix.

Oh, I'm sure it will.  

Schneier says that patching to keep up is an unworkable strategy, but
he's not done much to describe alternatives.  So, one personal
first-approximation remedy is to at least try not to be part of the
problem when it happens, by picking appropriate software, keeping
windows of vulnerability short, and other practices.

Appropriate software:  Few sites need the feature sets of Apache and
wu-ftpd/Proftp.  Smaller, more conservatively written httpd/ftpd options
will often suffice.  Nobody still needs Berkeley lpd.

Windows of vulnerability:  Read security advisories.  Use the best
updating regime you can find for your distribution.  Run AIDE or
Integrit to catch exploits that got past you. 

Other:  IP-filtering rulesets.   Analyse your logfiles.  Consider threat
models, risk reduction, options for defence in depth, system-hardening,
compromise identification and recovery procedures.  Do you have an
explicit security policy?  Have you considered how best to audit your
system security, and have you done it?  Tested your backups?  Physical
security?

-- 
Cheers,              "It ain't so much the things we don't know that get us
Rick Moen            in trouble.  It's the things we know that ain't so."
rick@linuxmafia.com             -- Artemus Ward (1834-67), U.S. journalist
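The "run AIDE or Integrit to catch exploits that got past you" advice above, shown as a minimal file-integrity checker. This is an added example, not code from the post or from AIDE/Integrit; the directory tree, file contents and the simulated tampering are constructed here so it runs offline.

```python
"""Minimal AIDE/Integrit-style integrity check: baseline, then diff."""
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: [sha256, mode]} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # symlinks and directories are skipped in this toy version
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = oct(path.stat().st_mode & 0o7777)  # permission bits incl. setuid/setgid
        baseline[str(path.relative_to(root))] = [digest, mode]
    return baseline


def compare(old, new):
    """Report files added, removed, or whose content/permissions changed."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then simulate a tampered host."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "sbin" / "sshd").write_bytes(b"original binary")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        # A real deployment stores this on read-only media; here it is serialised in memory.
        saved = json.dumps(snapshot(root))
        # Simulated compromise: trojaned daemon, dropped file in tmp, removed config.
        (root / "sbin" / "sshd").write_bytes(b"trojaned binary")
        (root / "tmp").mkdir()
        (root / "tmp" / ".sh").write_bytes(b"#!/bin/sh\n")
        (root / "etc" / "passwd").unlink()
        return compare(json.loads(saved), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline must be taken on a known-good system and kept where an intruder cannot rewrite it, otherwise the comparison only confirms the attacker's version.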


