August 21, 2003

Catching the Worm

We have not caught the worm making the rounds. But still people's email boxes are overly cluttered. So, while filters remove standard attachments and Outlook internally is set to block standard evil attachments, still the outside world delivers a steady stream of safe, unwanted email from all over. In the end, we shuttered the email lists, set up a centralized anti-virus server to ensure workstations were as protected as possible, and my colleague built a new email server using procmail/SmartMail to provide better control over attachments. SpamAssassin is set in place as well, although it appears to need to be trained more closely before we deploy it in production mode.

It was fun to figure out ways to improve the systems we use. Indeed the careful problem solving and creative solutions that computer issues tend to require are what make the problems fascinating. It isn't just solving the problem, but making the solution fit what already exists, what can be done on available equipment and how to keep the work we support going.

Now the next step is figuring out how best to manage patches for the Windows world. Automated, yes, but. Some references to keep in mind: 5 tips to effective patch management and NTBugtraq and Too Many Patches. Things to consider: the short time between bug announcement and exploitation, as in the Blaster worm and the RPC it invoked; the setup of machines and their hardware so we have a better sense of when a patch might pose a problem. How to best verify patching of remote offices.

Posted at August 21, 2003 05:46 PM