Re: Software Firewall (2003)

From: Mike Smith (mike_z_at_excite.com)
Date: 11/15/04


Date: Mon, 15 Nov 2004 14:43:46 -0500

On Mon, 15 Nov 2004 11:05:17 -0500, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:

>The larger issue is why this laptop was allowed to be connected to the
>network

The company is a group of doctors, and after enough beatings from
doctors who just had to "have full access to their machines", I gave
in during an IT meeting a month before the incident. I basically had
one doc who said that he wanted his machine to "act like a $3000
computer" but it was not doing so since I had certain restrictions in
place.

>and if it was a domain member, why it didn't have centralized AV
>software on it!

Centrally managed Trend Micro Office Scan somehow did not find it,
neither did Trend Housecall (post infection) or Stinger, or McAfee, or
Symantec. I ended up rebuilding the machine after a day of searching
for an answer. There were many instances of SVCHOST.EXE building many
NATs to my router.

>Did someone just come in and plug it in, unauthorized?

No.

>Does the company have a policy stating that this is not allowed?

Yes. Some Doctors (owners) do not believe this applies to them.

>(not simple) to control whether a computer gets access to your network (gets
>an IP address via DHCP, etc) ...might be worth looking into. Also, all

I would LOVE to do that, but that would not be allowed.

>computers/servers need good antivirus, and need to be kept patched to the
>gills with all critical updates to mitigate disasters like this....

I use SUS, and Trend Scanmail, Office Scan and Server Protect. I
thought Trend was pretty good until this incident. I also have XP SP2
on most XP machines now.

Thanks for the information. Corporate policies are great, unless there
are people out there looking for me to make exceptions. I hope this
would be a valuable lesson for all of us, but I still get requests to
weaken GP, or give admin rights to laptops. I play the game, too,
like giving Power User access instead of admin, and setting up an OU
with a very similar set of restrictions except for one or two.

Our main infrastructure here is Citrix, so I have a strong GP already.
My main concern is that if this could happen on a laptop, it could
happen on a server. I am making the assumption that this thing,
whatever it was, had to have been a port attack of some sort.

Mike


