On Thu, Apr 22, 2004 at 10:40:08AM -0700, Mike Rambour wrote:
....
> >25 outbound, but rather *redirecting* tcp/25 to your mail server. That
> >way, *any* attempts to connect to an SMTP server will be redirected to
> >yours. And if one of your Windows users does have a worm, it'll be unable
> >to talk to the outside but you will see its attempts in your
....

Yes, a good idea.

> what a great idea... and the shorewall one that you suggested in the
> next message also...I wanted to learn on my own without GUI's but I have
> been reading the website shorewall and it seems to just do it so easily, I
> will try it first thing after lunch today.
>
> By the way my ISP says I have not sent SPAM out since Monday and they
> only received 3 complaints total over the weekend so I think I am ok.

It is important to get a good report from the ISP. Complaints need to be supported with full headers so you can track the issue. Most of the nasty worms and viri... look like spam and impersonate the sender. It is possible that none of the spam originated from your organization. By chance if they cause you to be blacklisted because of a handful of spoofed messages this can cause your company major pain.

Watch out for WIFI links.... Use arp watch.

Have a permissive but responsible connection policy inside of your company, i.e. nothing gets connected without checking in first. No unregistered iPods, memsticks, laptops, palm, etc. Then build a virus scan and problem notification policy for each. If you know nothing about the device, have the requester fill in a rough security and virus scan and software update policy. If you know what people are running you can collect appropriate notifications. The goal of such a policy is to permit people to get work done in a responsible way.

In addition to sendmail and http the same is true for instant messaging. Recent problems have surfaced with IM services that can infect systems.

The wireless links on some devices are active even when connected to a docking station and can connect point to point with a visitor's laptop sitting in a conference room. See discussions about APIPA (Automatic Private IP Address) in this list.

Microsoft just sent out a big old patch update CDROM for the asking. Make sure that folks update their boxes.

> Concerned because I could not track down how it was done but ok, Thanks for
> all the help...I am sure I will ask more later.
>
> I never knew my old job here was so boring until I "volunteered army
> style" 3 weeks ago for this one, now I learn something new every hour and
> go home feeling frustrated and like I accomplished something.

On a personal soap box, encourage a mix of systems and tools that are interoperable. Some simple-minded IT groups mandate that all systems run the same software on all their boxes. As a person of Irish descent, monoculture can kill big time. The potato famine was such a disaster because when the blight hit there was nothing left to eat as the fungus went from field to field to field.

--
T o m  M i t c h e l l
/dev/null the ultimate in secure storage.