[WEB4LIB] Re: Two interesting articles dealing with viruses and

Andrew I. Mutch amutch at waterford.lib.mi.us
Thu Oct 4 11:20:02 EDT 2001


Dan,

Regarding this statement:

" In other words, our only IIS server is behind a Linux firewall, so it's
got an extra layer of protection. Since worms like Code Red and Nimda
can't get through Linux, then they can't reach our IIS server."

I would agree with your first statement but need to clarify the second.
Having a firewall in place normally does provide an extra layer
of protection. In our case, when Nimda did hit one of our servers, our
firewall blocked the worm from being able to download the rest of its
payload and hosing the server.  We only had to do a minor cleanup compared
to a total rebuild or restore.

However, the fact that the firewall RUNS on Linux provides no more or less
protection than a firewall running on another OS.  Linux simply powers the
underlying OS for the firewall and isn't going to stop a worm that was
travelling through port 80 web traffic from getting through. Now, your
firewall could be configured or scanned to stop this kind of traffic but
simply running your firewall on Linux isn't going to stop worms like
Nimda. That's probably one of the reasons that your tech guru smartly
keeps the IIS server patched.

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI





On Thu, 4 Oct 2001, Daniel Messer wrote:

>     My point exactly.
>     If it was just the people using Outlook and IIS and that ilk that bore all
> the brunt of Microsoft's security failures, then it'd be one thing. But since
> EVERYONE on the net has to put up with these security failures, it becomes
> something quite different. Linux itself is fairly immune to things such as Code
> Red and Nimda, but that doesn't mean that the worms don't try. My friend runs a
> web server right in his own home using Slackware and Apache. When Nimda was in
> full swing, his Apache logs showed that his box was getting probed at least 200
> times per hour. Needless to say this degrades the quality of his web service
> and he only hosts a small page that usually only his friends visit. What could
> that do to a library?
>     Here at Yakima, we use the same basic system, with an extra precaution. Our
> automation system is strictly WinNT and the OPACs are delivered via IIS. In
> order to provide some extra protection, EVERY Internet function has to go
> through a Debian Linux firewall custom designed by our IT guru. In other words,
> our only IIS server is behind a Linux firewall, so it's got an extra layer of
> protection. Since worms like Code Red and Nimda can't get through Linux, then
> they can't reach our IIS server. Of course, said IT guru still installs all the
> patches as soon as they become available. No sense in getting cocky. After all,
> Code Red is amateurish compared to Nimda. With that kind of development, the
> next worm might be able to get through Linux firewalls, infect Macs, or any
> number of nasties. And again, chances are that it will be spread by a Microsoft
> product.
> 
> Dan
> 
> Tony Barry wrote:
> 
> > At 1:42 PM -0700 3/10/01, Michael Sauers wrote:
> > >  > So the thing is, when do people wake up and realize that Outlook keeps
> > >>  biting them over and over again?
> > >
> > >I guess I would need to be bitten at least once first...
> >
> > I use Eudora on MacOS. Whenever a new virus comes out I get dozens of
> > emails with the virus from Outlook-infected computers flooding my
> > mailbox. I can't be infected but I have to wear the traffic and
> > delete all the unwanted files.
> >
> > I run a Netpresenz web server. It can't be infected but I've been
> > flooded with connection attempts from infected machines.
> >
> > I'm getting bitten even though my system is secure. Microsoft
> > products are like tobacco and I've ended up being a passive smoker I
> > guess.
> 
> --
> Mondai wa
> The subject in question...
> -------
> Daniel Messer, Technologies Instructor
> Yakima Valley Regional Library
> 102 N 3rd St Yakima, WA 98901
> (509) 452-8541 x712
> dmesser at yvrls.lib.wa.us
> -------
> When the going gets weird, the weird turn pro.
>                      -Hunter S. Thompson
> 
> 
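
Added example, not part of the original thread: a log check for the two points above, that port-80 worm probes reach any reachable web server and that a non-vulnerable server still absorbs them. It assumes Apache Common Log Format; the sample lines, addresses and function names are constructed for illustration, and the request paths are the ones publicly documented for Code Red and Nimda probes.

```python
import re
from collections import Counter
from datetime import datetime

# Request paths publicly documented for these worms' HTTP probes.
SIGNATURES = {
    "Code Red": re.compile(r"^/default\.ida\?", re.I),
    "Nimda": re.compile(r"/(?:root|cmd)\.exe\?/c\+", re.I),
}
# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges; Code Red query shortened).
# The last line is given status 200 on purpose to show the flagged case.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:14:02:11 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '192.0.2.10 - - [18/Sep/2001:14:02:12 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 230',
    '198.51.100.7 - - [18/Sep/2001:14:40:03 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '203.0.113.5 - - [18/Sep/2001:14:41:00 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [18/Sep/2001:15:01:09 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 1120',
]

def worm_probes(lines):
    """Yield (hour, worm, host, status) for each line matching a signature."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        host, stamp, path, status = m.groups()
        for worm, pattern in SIGNATURES.items():
            if pattern.search(path):
                when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
                yield when.strftime("%Y-%m-%d %H:00"), worm, host, int(status)
                break

def probes_per_hour(lines):
    """Count probes per (hour, worm): load a non-vulnerable server still absorbs."""
    return Counter((hour, worm) for hour, worm, _, _ in worm_probes(lines))

def answered_probes(lines):
    """Probes that got a 2xx reply, meaning the server served the probed path."""
    return [(host, worm) for _, worm, host, status in worm_probes(lines)
            if 200 <= status < 300]

if __name__ == "__main__":
    for (hour, worm), n in sorted(probes_per_hour(SAMPLE_LOG).items()):
        print(hour, worm, n)
    print("answered:", answered_probes(SAMPLE_LOG))
```

A 404 on every probe means the traffic arrived but found nothing to use; any entry from answered_probes is a host that needs a closer look, whatever sits in front of it.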


