Friday, February 18, 2005

Microsoft Security Awareness training

This is just too funny to pass up.

So far, malware's winning the war of attrition.

Well, at least Microsoft Anti-Spyware is going to be free.

Too bad there's already malware which targets it.

You do have a real hardware firewall, don't you? If not, there's no reason why you shouldn't -- here's my OpenBSD recipe that works beautifully on inexpensive hardware, and has big-bucks features like stateful filtering, source tracking, bandwidth queuing, NAT, OS detection, adaptive state table timeouts, MAC address tagging (with brconfig), macros and tables, and hardware failover capability. All for the price of an OpenBSD CD and whatever hardware you run it on.

(One of the firewalls I set up for a class C network was a Pentium 166 with 32MB of RAM, and it mostly sat at 99% idle filtering a 100MB full-duplex LAN. OpenBSD has a very efficient network stack. When I've gone around to help setup OpenBSD firewalls for departments at UC Davis, we mostly recycle leftover desktops that have been replaced.)

Of course, to help deal with malware you'll also have to do egress filtering (not just ingress filtering, where most rulesets stop), and as always, keep your systems patched.

But then, there's no such thing as a panacea.

Did I also mention that pf rules are nearly plain-language?

pf r0x0rs!

No comments: