![]() At all.įirst of all, if you for one second think that "security by obscurity" is a viable strategy, as you imply by your comment, then you are in the wrong line of business, being the arrogant one. Irresponsible? You put yourself as "part of the security community", yet you obviously don't get it. Then, sure, apply all of the recommended hotfixes. That's step one - getting email off onto its own shiny new quarantined server. Minimize what an attacker could achive via the server, except properly sending and receiving email. Maybe give it its own separate network too. It shouldn't "share the same host" as their database server, or their web server, or any other corporate function - not even their "jumpbox" (especially not that). If there's anything other than antivirus scanning going on on the customer's email server, now's a good time to revisit their solution, to quarantine the email server as best as possible. ![]() That means customers will be clamoring for the hosting techs to apply hotfixes and such: ![]() ![]() If you look carefully at the column "solution", there's a subtle change of wording, from "updated to xxx" (automatically) to "update to yyy" (meaning, to me, go do it) This makes the case for quarantining the corporate "enterprise endpoint" Many (most?) small/medium business customers use their web server as their corporate email solution as well. Hosting vendors have an awesome opportunity to help out here, and maybe sell some more servers too.
0 Comments
Leave a Reply. |