Okay, so you read the blog (http://blogs.technet.com/msrc), you read the bulletin (http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx), you’ve seen the posts here, and you are probably wondering… okay, if I have an SBS 2003, two-NIC, decent-firewall network and no one VPNs in, do I need to be freaking out like Susan is?
Can you … with 100% certainty… ensure that no one in that network will bring malware into that firm? That they won’t be tricked into downloading something or bringing something into the network? That someone won’t bring in a laptop and connect it to the network when it’s not been patched and virus cleaned?
We’re pure gooshiness on the inside, and you need to consider how much risk that firm faces from external threats. Don’t depend on antivirus. Don’t depend on no one being tricked by malware. Consider how the firm operates and how much they are at risk of this. Exploits are being built, and the vulnerability has been used in targeted attacks.
Determine the risk to that firm and act accordingly. Just remember, we’re gooshy inside, and once it gets in, the way we build our networks in the SMB space means there’s nothing on the inside to slow it down.
Plan accordingly for the goosh.