You're right Steve when you say;
? But would you not have these boxes that require patching (new builds or
whatever) in a secured environment?
But can I guarantee that every thing that needs to be filtered
is--especially for a new exploit? I obsess about becoming
complacent-paranoia has become my middle name.
I don't know how likely it would be for something new to jump onto a port
that we have to have open for whatever reason and get in but as I am a one
man show(from writing/enforcing policy to troubleshooting hardware to
purchasing etc etc) when it comes to IT in the office, then it means that
time is always my biggest battle here.
Automation is great but even then, things need monitoring.
I guess my 'what if' was in the realms of unlikely but still...
I take your points about testing though and it makes me think that
convincing the 'powers that be' of having test machines/policies pays in the
long run. Reality is though, that it most likely won't appeal as a priority.
-----Original Message-----
From: Steve Manzuik [mailto:smanzuik@eeye.com]
Sent: Wednesday, August 31, 2005 8:53 AM
To: Murad Talukdar
Subject: RE: exploit to vulnerability
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Sunday, August 21, 2005 9:00 PM
To: 'Murad Talukdar'; focus-ms@securityfocus.com
Subject: RE: exploit to vulnerability
<snip>
I guess the window, on average, is bigger than I thought, however, the
top end of the exploit bell curve may well mean 0-day(or close enough)
for a few. And as we all know, that one which gets in could be the one
that does enough damage. So I would certainly like to use that scale in
my 'lead time'
rather than say, 'What me worry? I've got (on average) four weeks.'
---------------------------------------------------
But would you not have these boxes that require patching (new builds or
whatever) in a secured environment? Sure, take an unpatched box and put
it on an unprotected network with zero filtering in place and it will be
ultimately owned and owned quickly but in your specific case, I doubt
this is what is done.
Signed,
Steve Manzuik
eEye Digital Security
T.949-900-4118
C.949-874-4397
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
Important Notice: This email is confidential, may be legally privileged,
and is for the intended
recipient only. Access, disclosure, copying, distribution, or reliance
on any of it by anyone else
is prohibited and may be a criminal offense. Please delete if obtained
in error and email confirmation
to the sender.
I read my email with Outlook
I read your email with Iris
---------------------------------------------------------------------------
---------------------------------------------------------------------------
