How To Manage a Security Breach?
Salvance writes, "A friend of mine has recently been stressed over a security breach at the company he consults for. The company maintains dozens of Windows 98 desktops to support legacy software that cannot be easily replaced. Due to the inherent lack of security in Win98, a worm was able to infiltrate almost every computer and send gigabytes of data (possibly including sensitive company data) to a 'redirector' in Eastern Europe. My friend was working on other security projects at this company and stumbled across this massive hole. He quickly convinced company executives to remove Internet access from all Win98 machines, purchase better firewalls, and implement other data protection strategies. However, the sticking point was client notification. Due to the nature of the legacy systems, there was no way to know what data was transferred. For this reason the company wanted to play it safe and disclose nothing. Of course, my friend is all for disclosure and preventing harmful use of the potentially leaked data. My friend doesn't know what to do, so I'd like to know what others here think."
The question isn't being asked (Score:3, Informative)
If they are insecure, sandbox them or cut them off completely.
If they need some kind of network access, use a whole shitload of proxies and firewalls and a carefully-monitored snort install and babysit the hell out of it until they can be secured.
No, forget that. Get them off the net completely.
Re:Easy (Score:2, Informative)