Firewall Wizards mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 25 Aug 2002 00:24:19 -0400 (EDT)
On Thu, 22 Aug 2002, B. Scott Harroff wrote:
there are so many companies that have no ingress filters, they as Marcus will state not only don't care much about what passes inside, they additionally have no clue as to what is passing inside.

In my humble opinion, corporate security people not authenticating and filtering/monitoring traffic heading off the corporate network is like airport personnel not verifying individuals' identities who are on an outbound airplane, or checking what they are carrying. 99.99% of the time nothing happens, that last 1% can be very painful though.

I'm not disagreeing with this as being better than I mentioned is standard practise for many many companies, I'm only stating that utopias are not the norm <smile>...

A good practice (what I enforce): Our outbound traffic is authenticated at the proxy servers. No authentication via domain credentials = no outbound access. The proxy servers have inbound/outbound filter settings dictated by IT Security, applied by server admins. The traffic then passes through an IDS / firewall (controlled by IT Security) with trigger sets for malicious traffic and port/protocol filters set to back up the proxy's filters. All traffic logs passed/blocked are kept in the event of an incident (security or HR or Legal related).

There are far too many companies that do not see this as anything of major significance, we've seen so many messages in the lists over the years about some admin or employee running some non-work related app from their desktop or server that allows them to do instant messaging or share mp3's across the perimeter...

<Subject: How do I stop such and such traffic from passing the firewall I'm charged with maintaining>

Via the above, Trojans, which don't have correct socks proxy configurations are stopped, viruses with smtp engines built in are stopped, non-authorized visitors to the network can't connect outbound, encrypted VPNs can't be established into another network, etc.
Cool, course getting those companies to deal with these issues, adding a new device system say a proxy is going to be a tough matter to convince management of, being they are not feeling much at risk inside or out already. Remember, we are still having trouble getting many of the travel industry to take security as a serious concern, even after 9/11. And gov and many mil sites are still not understanding some of the issues involved with security, let alone industry even taking protection of personal information seriously.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
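The layered egress policy described in the quoted message (authenticate at the proxy, block direct outbound at the firewall, keep passed and blocked records), sketched as an added example that is not part of the original thread. The log layout, addresses and function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample, not real traffic. Layout assumed for this example:
# time  client  path(proxy|direct)  domain-user(or -)  destination  dest-port
SAMPLE_LOG = """\
09:00:01 10.1.4.17 proxy jsmith 198.51.100.20 80
09:00:05 10.1.4.23 direct - 203.0.113.9 25
09:00:06 10.1.4.23 direct - 203.0.113.44 25
09:00:09 10.1.7.2 proxy - 198.51.100.20 80
09:00:12 10.1.9.40 direct - 192.0.2.77 6667
09:00:15 10.1.4.17 proxy jsmith 198.51.100.31 443
"""

def decide(path, user):
    """Proxy authentication first; the firewall backs it up for direct traffic."""
    if path != "proxy":
        return "BLOCK", "direct outbound, not via proxy"
    if user == "-":
        return "BLOCK", "no domain credentials at proxy"
    return "PASS", "authenticated proxy request"

def review(log_text):
    """Record every decision (passed and blocked) and group blocks per client."""
    audit, blocked = [], defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, client, path, user, dst, dport = line.split()
        verdict, reason = decide(path, user)
        audit.append((ts, client, user, dst, int(dport), verdict, reason))
        if verdict == "BLOCK":
            blocked[client].append((dst, int(dport), reason))
    return audit, dict(blocked)

def smtp_senders(blocked):
    """Clients that tried direct port 25: the built-in SMTP engine pattern."""
    return sorted(
        client for client, hits in blocked.items()
        if any(port == 25 and "direct" in why for _, port, why in hits)
    )

if __name__ == "__main__":
    audit, blocked = review(SAMPLE_LOG)
    for record in audit:
        print(*record)
    print("hosts to investigate for mail-borne malware:", smtp_senders(blocked))
```
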