>> Valdis Kletnieks said: >> Of course, this begs the question of how to get the patches onto the >> system. Recently, one of my co-workers needed about 3 hours to >> download SP3 .... So we're fast approaching the point (if we haven't >> long since passed it) >> where the average time to download the patches is less than the >> average time to get 0wned. 1) Ensure that you have an effective perimeter firewall that blocks all incoming traffic to the new box 2) Connect ONLY to the sites needed to download patches - starting with Windows update, or your specific operating system equivalents If you are really paranoid (like I am ;) 1) Harden the box PRIOR to connecting 2) Run a personal firewall on the box that is collecting patches, making sure that you allow no incoming traffic NEVER EVER put an un-patched, un-firewalled box directly onto the Internet (with all those nice juicy ports wide open) since yes, it can get 0wn3d before you have patched it (though if it's not effectively firewalled then you still have a problem anyway). Only once patched should you consider opening ports for incoming traffic. It's not that hard really.....;) Regards -- Emeric Miszti UK Security Online http://www.uksecurityonline.com Tel No: 0870 088 5689 Fax No: 0870 706 2162 PGP Public Key available at http://www.uksecurityonline.com/emeric.asc ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Nov 23 2002 - 00:17:49 PST