[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Jay Sulzberger jays@panix.com
Wed Jan 29 21:52:27 PST 2003


On Wed, 29 Jan 2003, Rick Moen wrote:

> Quoting Karsten M. Self (kmself@ix.netcom.com):
>
> > While it's fun (however unsporting) to blast away at Microsoft for its
> > security deficiencies, IMO the free software world should view the
> > Sapphire / Slammer worm as more a cautionary tale.  This is the sort of
> > attack which _could_ potentially hit GNU/Linux or another 'Nix.
>
> Oh, I'm sure it will.
>
> Schneier says that patching to keep up is an unworkable strategy, but
> he's not done much to describe alternatives.  So, one personal
> first-approximation remedy is to at least try not to be part of the
> problem when it happens, by picking appropriate software, keeping
> windows of vulnerability short, and other practices.

Proper autonomic controls using standard statistical tracking of what the
whole system is doing.  Word of power: changepoint.

>
> Appropriate software:  Few sits need the feature sets of Apache and
> wu-ftpd/Proftp.  Smaller, more conservatively written httpd/ftpd options
> will often suffice.  Nobody still needs Berkeley lpd.
>
> Windows of vulnerability:  Read security advisories.  Use the best
> updating regime you can find for your distribution.  Run AIDE or
> Integrit to catch exploits that got past you.
>
> Other:  IP-filtering rulesets.   Analyse your logfiles.  Consider threat
> models, risk reduction, options for defence in depth, system-hardening,
> compromise identification and recovery procedures.  Do you have an
> explicit security policy?  Have you considered how best to audit your
> system security, and have you done it?  Tested your backups?  Physical
> security?
>
> --
> Cheers,              "It ain't so much the things we don't know that get us
> Rick Moen            in trouble.  It's the things we know that ain't so."
> rick@linuxmafia.com             -- Artemus Ward (1834-67), U.S. journalist

ad last paragraph: Yes.

oo--JS.



More information about the linux-elitists mailing list