David
Thu Aug 21 09:57:55 CDT 2003
Susan,
What Firewall product do you use on the clients?
TIA
Dave
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:3F443079.F92B9D0@pacbell.net...
> Sorry Kevin...but man this is a really big pet peeve on my part.
>
> That messenger spam is a symptom that you need a firewall dude.
>
> Okay... we have a remote user...they VPN in... let's say they don't have
> a firewall and have any of the 135-139 ports open... until Msblast made
> everyone patch, you could have literally thrown a script [freely
> available on several web sites] and gotten to a c: prompt on that system
>
> If the remote client doesn't have its ports in "battle ready mode" then
> the minute that laptop connects via VPN, the firewall on that SBS has no
> powers any more... whatever gets into that non-firewalled laptop, gets
> into that server.
>
> Don't shut off that messenger service..it is trying to tell you that
> you've got holes in your remote user systems.
>
> No laptop in my office goes out without a firewall.
>
> KevinC wrote:
>
> > >-----Original Message-----
> > >Hi David,
> > >
> > >I like Trend products. In fact, I really like Trend products. I haven't used
> > >the newest offering extensively yet, but I can tell you that Officescan 5.5
> > >(for SBS2k) offers very nice protection capability for mobile and/or remote
> > >users.
> > >
> > >Another very good Trend product is pc-cillin. One advantage of pc-cillin for
> > >mobile or remote users is that it has built-in firewall capabilities. At
> > >about $50 Canadian bucks per box it's quite reasonably priced considering
> > >how well it's put together.
> > >
> > >--
> > >Les Connor
> > >------------------
> > >[SBS MVP]
> > >
> > >
> > >
> > >"David Taylor" <nospaming@t.com> wrote in message
> > >news:evfsKNzZDHA.2344@TK2MSFTNGP09.phx.gbl...
> > >> Kevin,
> > >>
> > >> Thanks for the response. I am merely looking to protect the remote clients.
> > >> The server and the internal network are protected. I am looking for suggestions
> > >> for the remote clients to stop the "messenger" spam notes that come up and
> > >> any hacking attempts on only the remote machines.
> > >>
> > >> Thanks
> > >> Dave
> > >>
> > >> "KevinC" <kcashion@fflc.com> wrote in message
> > >> news:0e5001c3672b$a5db8e70$a601280a@phx.gbl...
> > >> >
> > >> > >-----Original Message-----
> > >> > >We have a number of remote users that access the system via dial-up accounts
> > >> > >to ISPs and then VPN into the system. With the problems that have been
> > >> > >exposed via Blaster worm etc.. what would be the recommended way to secure
> > >> > >these clients from attacks from viruses and port scanning etc..
> > >> > >
> > >> > >I must point out that all the machines have AV software loaded and they
> > >> > >have the latest updates automatically installed. Is the only way to have
> > >> > >ZoneAlarm or other personal firewall software loaded on the machines? What
> > >> > >do you guys use? I would normally expect remote users to have a hardware
> > >> > >firewall but as they are accessing via BT OpenWorld accounts then they are
> > >> > >unable to have multiple IP's. Any suggestions?
> > >> > >
> > >> > >TIA
> > >> > >Dave
> > >> > >
> > >> > >
> > >> > >.
> > >> > >To protect the clients from future problems I would
> > >> > impose a software firewall and make sure that port 135 is
> > >> > blocked. But really, if you have applied the update from
> > >> > Microsoft then this particular worm is protected.
> > >> >
> > >> > To protect the server, assuming you have a firewall, then
> > >> > you most likely have this port blocked by default, or
> > >> > should. Also applying the Microsoft patch at the server
> > >> > gives you second level protection.
> > >>
> > >>
> > >
> > >
> > >.
> > >Me again - about that "messenger spam" on client
> > machines (unless you are dependent on actual messaging
> > from server to client) not Windows Messenger or MSN
> > messenger . . . go to XP remote machines, open Services,
> > then stop service called "Messenger", get properties on
> > it, and make startup type Manual. This will end that
> > annoying messenger spam for good.
>
> --
> "Don't lose sight of security. Security is a state of being,
> not a state of budget. He with the most firewalls still does
> not win. Put down that honeypot and keep up to date on your
> patches. Demand better security from vendors and hold them
> responsible. Use what you have, and make sure you know how
> to use it properly and effectively."
> ~Rain Forest Puppy
>
> http://www.wiretrip.net/rfp/txt/evolution.txt
>
>