Sunday, October 19, 2003

Secure the perimeter?

Secure the perimeter?

Secure the perimeter?

Secure the fsck'in perimeter!?

Gee, I think that puts Microsoft's level of security at circa 1990. Does it mean that Microsoft is abandoning trying to secure the code?

After a quick read, I think I can make a few quick predictions:

  • Microsoft will make lots of money selling "more capable" firewalls
  • Millions of Microsoft users will be complacent about their internal networks because "Hey, we've got a firewall to protect us!"
  • resulting in thousands of crunchy-on-the-outside, chewy-on-the-inside networks, thereby lowering the overall level of security on the Internet

One of the biggest shortcomings about using Microsoft workstations is that each and every one of them is also a server because the same services used to join the local network allow the workstation to share services and data. Let's enumerate what ports 135, 137, and 139 are used for:

  • DHCP to configure your workstation
  • getting your mail to/from the Exchange server
  • RPC calls (allows someone else to remotely run functions/programs on your machine)
  • Microsoft's DNS and WINS services
  • network logons
  • printing services
  • file sharing
  • directory replication
  • event viewer services
  • registry editor
  • user manager
  • and diagnostics

And that's just to/from a workstation. I'm amazed that it took as long as it did for someone to consider NetBIOS as an infection vector.

Welchia provided a very good example of why security has to be from the ground up. Various organizations learned the hard way that while their firewalls protected the front door, various backdoors lurked in their networks. That, coupled with a laissez-faire attitude for timely patching, allowed the damage to stack up like it did.

Hmm... I wonder how Microsoft is going to do/market it. Single-purpose applications? Peer review of all code? [*gasp*] (Yeah, you heard me. I said "open source".) "Embracing and extending" more security protocols? Couple all this with the DRM crack they're pushing and recent attempts to get into the BIOS (the stuff that tells your computer how to boot) business, it's going to get real interesting.

I can hardly wait.