AntiOnline Spotlight: Network Security Made Easy?

January 14, 2005

There's nothing easy about securing a network, or is there?

Like clockwork, administrators predictably scramble to see what, if any, dangers the latest published vulnerabilities pose to their network. Then there's the seemingly interminable wait for a patch and/or the complex task of implementing work-arounds that won't break your current setup. This was especially true in 2004.

Did a sudden torrent of security bulletins turn your daily routine into an overwhelming task? A little foresight and preparedness can make it a walk in the park.

But a savvy administrator will learn how to spot the larger, overall trends and address those instead of constantly extinguishing a thousand tiny fires. And in the absence of a timely patch, many will find that it's the only defense against fast-acting attackers.

It turns out that with a little research, administrators needn't put themselves at the mercy of technology vendors, in this case Microsoft. While the engineers in Redmond toil to stamp out the latest crop of bugs, a few policy changes and user management tweaks will render all but the most complex problems a non-issue.

Of course, some of the changes are sweeping, and that's when it helps to be nicely perched atop your IT department's totem pole. But even mid-level staffers and outright newbies can save precious time and effort by adopting (as clichéd as it sounds) some "big picture" thinking.

Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This Week's Spotlight Thread:
Network Security Made Easy?

Tiger Shark is of the belief that corporate networks and end-user systems needn't float around in limbo until an official patch is developed.

As the result of a comment made here earlier this week, to which I responded that there is always a technique to mitigate a threat until a patch is available, I thought it would be of interest to look at all the security bulletins for 2004 and extract those that pertain to "normal" systems, survey them and determine what basic things we can learn from the vulnerabilities in 2004. I decided to do this because it struck me that throughout all of last year, I really didn't worry too much about the patches to internal machines after I had seen the advisories.

There were 45 Security Bulletins issued by Microsoft in 2004, of which 12 were not applicable due to them referring specifically to software such as ISA Server, Exchange, etc., leaving 33 bulletins to be assessed. Some bulletins addressed multiple vulnerabilities, so the total number of vulnerabilities to be assessed is 68.

After some analysis, the risks boiled down to:

Of the 55 remaining vulnerabilities all were mitigable with one of the following techniques:
  • Disable ActiveX and Active Scripting in IE security, (links to the next one)
  • Raise the security level of the Internet and/or local zone in IE security to high
  • Read email in plain text
  • Disable connector in the registry
  • Unregister the component
  • Good firewall practices
But wait, here's the kicker:

So the upshot is that four skills are required to enable a Network Administrator to mitigate more than 80% of all vulnerabilities that occurred in 2004:
  1. The ability to manipulate the behavior of IE through Group Policy.
  2. The ability to create a .reg file and run it through a login or startup script.
  3. The ability to script the unregistering of a component through a login or startup script.
  4. The ability to properly manipulate their firewall.
I would suggest that those skills would serve you well in the years to come.

Can just a handful of skills really put that much of a dent in your security woes? Sound off here.
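As an added illustration of skills 2 and 3 above (this is example code written for this page, not Tiger Shark's script or anything from the thread), here is a logon-script skeleton that writes and imports a .reg file disabling ActiveX and Active Scripting in the IE Internet zone, unregisters a component, and logs whether each step actually took effect. The file paths and the component DLL name are placeholders; the zone and value numbers are Microsoft's documented IE zone settings (Zone 3 = Internet; 1200 = Run ActiveX controls and plug-ins; 1400 = Active scripting; data 3 = Disable).

```powershell
# Added example, not from the article or the forum post.
# Assumptions: $RegFile, $Component and $LogFile are placeholders chosen here.
# The IE zone values live under HKCU, so this belongs in a logon script; the
# regsvr32 /u step needs an account allowed to unregister the component.
param(
    [string]$RegFile   = "$env:TEMP\ie-hardening.reg",   # placeholder path
    [string]$Component = 'C:\path\to\component.dll',      # placeholder DLL
    [string]$LogFile   = "$env:TEMP\hardening.log"        # placeholder path
)

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Out-File -FilePath $LogFile -Append
}

# 1. Write the .reg file. Only the two values that matter are touched, so a
#    later patch or GPO can still own the rest of the zone configuration.
@'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000003
'@ | Set-Content -Path $RegFile -Encoding Unicode

# 2. Import silently, then read the values back instead of trusting the exit
#    code alone: a policy-managed zone can silently override a user-level edit.
& reg.exe import $RegFile 2>&1 | Out-Null
$zone = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
if ($zone.'1200' -eq 3 -and $zone.'1400' -eq 3) {
    Write-Log 'IE Internet zone: ActiveX and Active Scripting disabled'
} else {
    Write-Log 'WARNING: IE zone values not applied (policy override or access denied?)'
}

# 3. Unregister the component if present. /s suppresses the dialog so the logon
#    is not blocked; Start-Process -Wait is used because regsvr32 is a GUI
#    executable and PowerShell would otherwise not wait for its exit code.
if (Test-Path $Component) {
    $p = Start-Process -FilePath 'regsvr32.exe' -ArgumentList "/u /s `"$Component`"" -Wait -PassThru
    if ($p.ExitCode -eq 0) { Write-Log "Unregistered $Component" }
    else { Write-Log "WARNING: regsvr32 /u failed for $Component (exit $($p.ExitCode))" }
} else {
    Write-Log "Component not present, nothing to unregister: $Component"
}
```

Reviewing the log after rollout is the check that matters: a zone value that reads back as something other than 3 means the mitigation is not in place on that machine, whatever the script's exit status says.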
