RE: DDoS to microsoft sites (? avenues of attack!)

From: Eaton, Arthur (AEatonat_private)
Date: Thu Jan 31 2002 - 13:08:56 PST


    See bottom for response to Matt Adcock...
    > 
    > On 30 Jan 2002 at 12:47, Adcock, Matt <Matt.Adcockat_private> wrote
    > (in response to 'Bronek Kozicki' <brokat_private>):
    >
      [Snippet quotes-]
    > 
    > [1] According to your logic, the only way to make a secure machine is to
    > shut everything off. That's absolutely ridiculous.  
    > 
    > [2] I'd really like for you to explain to me how a Windows network will
    > run without NetBIOS.  Try shutting it down sometime - you'll break your
    > Windows network, even 2000.
    >
    > [3] I'd also like for you to explain to me how you can brute force attack
    > admin accounts just because NetBIOS is open.
    > 
    > Matt
    >
    
    [1] Matt, there is one other way to make a machine *totally* secure:
       (a) Disconnect it from all networks,
       (b) Remove any & all wireless components,
       (c) Wrap it in 3 layers of aluminum foil (cheap Tempest), and
       (d) Either lock yourself in the computer room for life, or seal
           the computer in concrete or thermoplastic (your choice).
    
        Seriously, we cannot eliminate risk and continue to communicate.
        The best we can do with risk is to manage it.
    
    [2] DHCP and D(ynamic)DNS (Cisco or other).  It's been done for years.
        TCP/IP works fine in a LAN and you can remove all other protocols.  
        It also limits sniffing with a single sniffer to a single segment.
        (Well, OK, so it gives fits to network-type IDS software vendors.)
    
    [3] For one thing, Matt, you can't set up a firewall to block unknown
        NetBIOS (MAC) names, but you can set a firewall or router to block
        unknown or known IP address ranges and known domain names.  Also,
        check out Hacking Exposed, Secrets & Lies, etc.
    
    Jason Robertson, in his earlier message to you, is absolutely right --
    firewalls are not the be-all and end-all of security, for the primary
    reason that this business is the most rapidly changing of any human
    endeavor in the world: What was true yesterday may be false tomorrow.
    
    The more defenses we have at our disposal, the more likely we will be
    able to adapt one quickly to a new kind of threat.  This was once more
    demonstrated just recently at FDIC, when we were able to quickly block
    the MyParty virus/worm at our domain gateway long before the new virus
    definitions were available from our vendor.
    
    James Butler Hickok used only one pistol at a time, but he wore two -
    just in case - and had a shotgun available when things got shaky.  So
    arm yourself and your LANs, Matt!
    
    Arthur Eaton
    FDIC-CSIRT
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
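The filtering rule Arthur Eaton describes in point [3], as an added example that is not part of the original post: a gateway cannot match on NetBIOS (MAC) names, but it can match on source address ranges and destination ports, so NetBIOS/SMB ports are accepted only from the internal LAN, a known-hostile range is refused outright, and an unparseable address fails closed. The internal and blocked ranges and the sample packets are constructed for the example; only the port numbers are real.

```python
"""Added example (not from the original mailing-list post): a minimal
packet-filter policy for a LAN gateway, deciding on IP ranges and ports
rather than on NetBIOS names, plus a per-source count of dropped
NetBIOS/SMB attempts for the log review that follows."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# NetBIOS over TCP/IP (137-139) and direct-hosted SMB (445): real ports.
NETBIOS_PORTS = {137, 138, 139, 445}

# Constructed internal ranges (assumption: RFC 1918 space is "the LAN").
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed "known" range the administrator has decided to refuse.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str    # source IP as text, exactly as a log line would carry it
    dst: str    # destination IP
    dport: int  # destination port
    proto: str  # "tcp" or "udp"


def in_any(addr: ipaddress._BaseAddress, nets) -> bool:
    return any(addr in net for net in nets)


def decide(pkt: Packet) -> str:
    """Return 'ALLOW' or 'DROP' for a packet arriving at the gateway."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        # Fail closed: a source we cannot even parse is not a source we
        # can classify by range, so it gets no access at all.
        return "DROP"
    # Rule 1: refuse a known-bad range regardless of port.
    if in_any(src, BLOCKED_NETS):
        return "DROP"
    # Rule 2: NetBIOS/SMB ports are reachable only from internal sources.
    if pkt.dport in NETBIOS_PORTS and not in_any(src, INTERNAL_NETS):
        return "DROP"
    # Rule 3: everything else passes (default-allow, to keep the
    # example focused on the NetBIOS point).
    return "ALLOW"


def filter_packets(packets):
    """Pair each packet with the policy verdict."""
    return [(p, decide(p)) for p in packets]


def summarize_drops(packets) -> dict:
    """Count dropped NetBIOS/SMB attempts per source address; a source
    that keeps knocking on 139/445 from outside is worth a closer look."""
    drops = Counter()
    for pkt, verdict in filter_packets(packets):
        if verdict == "DROP" and pkt.dport in NETBIOS_PORTS:
            drops[pkt.src] += 1
    return dict(drops)


# Constructed sample traffic (documentation ranges, not real hosts).
SAMPLE = [
    Packet("203.0.113.7", "10.1.2.3", 139, "tcp"),    # blocked range -> NetBIOS
    Packet("203.0.113.7", "10.1.2.3", 445, "tcp"),    # blocked range -> SMB
    Packet("198.51.100.4", "10.1.2.3", 137, "udp"),   # external -> NetBIOS name
    Packet("10.1.5.9", "10.1.2.3", 445, "tcp"),       # internal -> SMB
    Packet("198.51.100.4", "10.1.2.3", 443, "tcp"),   # external -> HTTPS
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE):
        print(f"{verdict:5} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    print("dropped NetBIOS/SMB attempts by source:", summarize_drops(SAMPLE))
```

The point of the structure is that every decision is made on something the gateway can actually see in the packet header; the NetBIOS name never enters into it, which is exactly why name-based blocking is the wrong tool and range-plus-port blocking is the usable one.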
    