[Gllug] Net outages caused by worm possibly

[Jason Clifford]

On Mon, 27 Jan 2003, Tethys wrote:

> >A VPN is not going to protect you from a worm such as the MS-SQL users 
> >experienced over the weekend.
> 
> I beg to differ. Sure, it wouldn't protect you if the remote site was
> infected, but if would protect you from the rest of the internet.
> Besides, the VPN suggestion was in response to asking how to replicate
> distributed databases without making the database remotely accessible
> over the internet.

I read the question as being a two-parter with the other part being 
authorised remote access.

I agree 100% that if you have to do it a VPN is necessary. I just wanted 
to point out that security it is not unless you control all of the 
networks involved.

As someone else has pointed out it is easy to suddenly find that a 
developer on an unprotected box has allowed the infection into the network 
and then it's everywhere including over the VPN links.

> Agreed. A VPN doesn't buy you instant security. If you don't control both
> ends, then you have to treat it as you do any other point of entry to your
> network -- firewall and authenticate as appropriate.

Was authentication relevant to this worm? My understanding is that it was 
not and that all it needed was udp access to the port.

I'm just glad that none of our colo customers run any form of Windows.

Jason Clifford
-- 
UKFSN.ORG		Finance Free Software while you surf the 'net
http://www.ukfsn.org/			Sign Up Now


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug