Colin’s IT, Security and Working Life blog

May 8, 2009

The most (and least) secure firewalls are soft and squishy

Filed under: Security In the News — Tags: , — chaplic @ 10:05 am

I was surprised (and somewhat smug) over the recent spate of people who should-know-better being caught by photographers holding sensitive documents in public display.

The reason for my smugness is that on a piece of work I’m doing, amongst other handling rules,  I insisted on large A3 envelopes being issued to the project team, and the players in the project were referred to by codenames. All papers were to be carried within and stored behind lock and key, which caused much good-natured bickering within the team.

The documents are held electronically, behind dual-skinned firewalls, stored on laptops with full hard disk encryption, and subject to a robust patching and AV routine.  It would take considerable effort to get at them.

However, there would be people in the building that would be very interested in seeing even just the front page. It was nothing particularly sensitive, just a key point in a commercial process.

It’s nice to be able to pin back why we preach good security against real-life examples, but we’re not all top police officers carrying documents of national security. Is the lesson still relevant?

I frequently take a train between Ipswich and London, there’s usually a high number of employees of a certain telco with me, beavering away on their laptops and mobiles.  I’ve heard the status of bids, seen designs for customers networks and generally gained information that I would never have the technical skills to “hack”.

Security does not stop at the firewall. Much in the same way that people now break into houses to steal car keys because it’s too difficult to hotwire a car, if you are confident your IT infrastructure is secure you must think wider.


  1. Hi Colin,

    Have you heard of Conficker.fa? We have been hit by this variant. We use eeye blink in our school. And everything is patched with MS08-067.

    I am told by Blink that any machine patched iwth ms08-067 shouldn’t have problems with conficker. But we do !!!!!.

    Allour servers are pathced with ms08-067 atleast 4 times over the last 36 hours and they have reinfected.

    Do you know this variant and if you do, is there a MS patch that deal with it ?

    Thanks for any help. I am not sure where to go within MS for any help. At least to inform that there is a new variant and their sandard conficker patch doesn’t work !!!
    The school can’t afford a permanent support contract with MS.

    These products are supposed to work ….. aren’t they ?


    Comment by Nalin uduwawala — September 3, 2009 @ 9:34 pm

    • Sorry to hear about your outbreak.

      I think you are coming at this from the wrong angle. A machine with ALL patches should be OK from the variants of conficker, but once it’s in your system, retrospectively patching doesn’t help.

      Furthermore, some variants will move to different machines, and either guess usernames and passwords or use the users credentials – so I’d be looking to ensure password complexity is correct and change all passwords (definetly change all users with admin rights NOW). In this circumstance it doesn’t matter if the machine is patched as it’s not using that vulnerability to install itself.

      Is every single machine on your network fully patched? one unpatched machine (especially with a user with admin rights) will kick off the mess all over again.

      Comment by chaplic — September 4, 2009 @ 8:29 am

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at

%d bloggers like this: