RE: Test for Internet Link availability

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 22 Sep 2003 23:00:08 -0700

First of all, I know that I sometimes come off too harsh.

As you quoted "I do what I can, where I can with what I have," there are
some things you could do to lessen the impact and spread of viruses. (I will
save the need for a top notch AV software for later.)

1. Block all ping packets, both inbound and outbound on the ISA server. (I
assume you are using ISA as your firewall since you are asking on the ISA
list. If not, do this on whatever firewall or router you have. If you have
no router or firewall under your control, the problems are deeper than can
be addressed here.)

2. Keep systems updated. Take a look at SUS. In your situation, if I am
reading between the lines correctly, you are the sole person responsible for
upkeep on close to 1550 computers. You need to find resources that can help
you do that job. SUS from MS is free, and does the job of passing out
patches, and now service packs, very nicely. Yes, this is additional work to
set up, but if you are in charge of that many computers, you need to use
what resources are available, and this is a free one.

3. MS published the vulnerabilities that allowed computers to become
infected with those viruses about a week or two before the viruses came out.
You could have made sure there was no way the viruses could have come in
through the Internet. That means blocking the ports that the viruses use. (I
am not going to touch on laptops.) Again, one way to do this is to limit
access to web-based e-mail (Yahoo, AOL, MSN, Hotmail, etc.) that can allow
e-mail attachments to enter the network. Of course, there is software that
can be used at the gateway to block web attachments as well.

4. You need to be more confident in stating your case to the powers that be.
For example, have you had this conversation with your boss: "You do not want
to spend money on this software that can help protect our network? And then
what happens when the personal data on your workstation is broadcast to the
Internet by a virus? Or then what if your hard drive is wiped out by a
virus?" Yes, I know, IT budgets are always the first to go. However, as you
quoted, it is up to us to be resourceful.

Now, having said the above, I still cannot help but wonder about someone
trying to figure out how to solve a problem with bandwidth saturation,
partly due to outbound ping requests, when that person does not take a simple
step to stop them.

As far as your DNS problems, it is much better to first solve the obvious
problems, and then work from there.

But, since I have now brought that up, have you done any of the items that
myself and others suggest when DNS problems arise? Things like making sure
the forwarders are still working, checking to make sure the DNS service
(assuming MS DNS for an AD domain) is passing tests and that all computers
are configured with the correct DNS settings.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Monday, September 22, 2003 10:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Test for Internet Link availability

Hi John

I do appreciate your comments on all matters concerned. I would however like
to defend myself a little if you don't mind.

A while ago I posted a question to the "Would AV plugin stop VPN
infections?" thread asking people's comments on best antivirus programs,
experiences, strategies etc. The reason I asked is because it is my
experience that FSecure AntiVirus is always "behind the times", and viruses
such as Nimda, CIH, Melissa and now lately Blaster, Nachi & Welchia do not
appear to be blocked by FSecure as soon as they are made public knowledge.
This obviously hampers my removal strategy as I then have to go and download
removal tools from other websites, or even better, write my own code in my
Login Script to hunt down and kill the infections.

With the information presented to you in my last thread I can understand
your comment about me not belonging on this list, but for brevity's sake I
did not wish to bore everybody with all my troubles & woes. Instead I try to
get to the point quickly so that whosoever wishes to listen and comment
constructively may do so.

As it remains, I am responsible for 1500 workstations and 40 Windows 2000
servers. Budgets are not always that lenient when it comes to spending on
technology to improve existing strategies or embark on new ones, so to quote
one of the great American Presidents: "I do what I can, where I am, with
what I have."

Thanks

William R.
