Re: Multiple domain names on SBS

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 06/30/04


Date: Tue, 29 Jun 2004 20:43:29 -0700


..and remains up to date with patching.

Sign up for security bulletins and get informed on mitigation tactics.
Right now mere patching alone is not enough.

Take for example the IE vulns. No patch exists, and you need to kill
the adodb bit, use an alternative browser, or use an eEye registry tool

eEye Digital Security - Vulnerability Management Solutions:
http://www.eeye.com/html/research/alerts/AL20040610.html

Closing the adodb issue closes the possibility for this latest zero
vulnerability from running, as it requires it to run. Microsoft has not
considered the fact that the adodb issue allowing code to be run in the
"My Computer" zone to be a security problem, however multiple issues of
this have been made.

Root? When I can outsource my web site for a dirt cheap price and keep
port 80 closed and thus bypass any vulnerability on this web page
associated with port 80, don't I have a responsibility to the data of my
clients inside my network to take a reasonable precaution to be safe?

Ports Associated with Known Vulnerabilities and Exploits:
http://www.us-cert.gov/current/services_ports.html

I'm either loading up XP sp2 rc2 or running that IE registry fix tonight
to ensure that I do not put my clients at risk when my workstations are
surfing the Internet.

You may think that's "Chicken Little."
I think it's being prudent.

But it's your network, Root.

root wrote:
> "Javier Gomez [SBS MVP]" <javier_gomez@remove.this.engineer.com> wrote in
> message news:%23pIA1$kXEHA.212@TK2MSFTNGP12.phx.gbl...
>
>
>>I agree 100%... just make sure it is properly installed and configured.
>
>
> And therefore go right ahead and host your company's websites.
>
>

-- 
http://www.sbslinks.com/really.htm

