Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )

From: B. Scott Harroff (Scott.Harroff@att.net)
Date: 08/22/02


From: "B. Scott Harroff" <Scott.Harroff@att.net>
To: "R. DuFresne" <dufresne@sysinfo.com>, "Crispin Harris" <crispin@internode.on.net>
Date: Thu Aug 22 17:04:01 2002


> there are so many companies that have no ingress filters, they as Marcus
> will state not only don't care much about what passes inside, they
> additionally have no clue as to what is passing inside.

In my humble opinion, corporate security people not authenticating and
filtering/monitoring traffic heading off the corporate network is like
airport personnel not verifying the identities of individuals who are on an outbound
airplane, or checking what they are carrying. 99.99% of the time nothing
happens; that last 1% can be very painful though.

A good practice (what I enforce): Our outbound traffic is authenticated at
the proxy servers. No authentication via domain credentials = no outbound
access. The proxy servers have inbound/outbound filter settings dictated by
IT Security, applied by server admins. The traffic then passes through an
IDS / firewall (controlled by IT Security) with trigger sets for malicious
traffic and port/protocol filters set to back up the proxy's filters. All
traffic logs, passed and blocked, are kept in the event of an incident (security
or HR or Legal related).

> There are far too many companies that do not see this as anything of major
> significance, we've seen so many messages in the lists over the years
> about some admin or employee running some non-work-related app from their
> desktop or server that allows them to do instant messaging or share mp3's
> across the perimeter...<Subject: How do I stop such and such traffic from
> passing the firewall I'm charged with maintaining>

Via the above,
Trojans which don't have correct SOCKS proxy configurations are stopped,
viruses with SMTP engines built in are stopped, non-authorized visitors to
the network can't connect outbound, encrypted VPNs can't be established
into another network, etc.



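The layered egress policy described in the message above (domain authentication at the proxy, a filter list at the proxy, and a firewall behind it that only lets the proxy hosts and the mail relay originate outbound connections, with every decision logged) modelled as a small policy evaluator. This is an added example, not the poster's configuration or any product's code; the address ranges, proxy and relay addresses, the filter list and the sample flows are all constructed for illustration. It runs each of the cases listed at the end of the message (trojan without a SOCKS configuration, virus with its own SMTP engine, unauthenticated visitor, rogue IPsec VPN) through both layers and shows which layer stops it.

```python
"""Model of a two-layer egress policy: authenticated/filtering proxy in front,
firewall backstop behind, with passed and blocked flows both logged.
Added example; addresses, hostnames and the deny list are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL = ip_network("10.0.0.0/8")                                # assumed corporate range
PROXY_HOSTS = {ip_address("10.0.1.10"), ip_address("10.0.1.11")}  # assumed proxy farm
MAIL_RELAY = ip_address("10.0.1.25")                               # assumed outbound SMTP relay
PROXY_DENY_HOSTS = {"mp3share.example", "im.example"}              # assumed filter list

# Firewall backstop: (allowed sources, protocol, allowed destination ports).
# Any internal->external flow that matches no rule is dropped and logged.
FW_RULES = [
    (PROXY_HOSTS, "tcp", {80, 443}),
    ({MAIL_RELAY}, "tcp", {25}),
]


@dataclass
class Flow:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "esp"
    dport: Optional[int] = None  # None for protocols without ports (ESP)
    via_proxy: bool = False      # True when the client talks to the proxy, not to dst
    user: Optional[str] = None   # domain account presented to the proxy, None if none
    host: Optional[str] = None   # hostname requested at the proxy


@dataclass
class Verdict:
    action: str   # "allow" or "deny"
    layer: str    # "proxy" or "firewall"
    reason: str


LOG: List[dict] = []   # passed and blocked traffic are both retained


def record(flow: Flow, v: Verdict) -> None:
    LOG.append({"src": flow.src, "dst": flow.dst, "proto": flow.proto, "dport": flow.dport,
                "user": flow.user, "host": flow.host, "action": v.action,
                "layer": v.layer, "reason": v.reason})


def proxy_decision(flow: Flow) -> Verdict:
    """Proxy layer: no domain credentials = no outbound; then the filter list."""
    if not flow.user:
        return Verdict("deny", "proxy", "no domain credentials")
    if flow.host in PROXY_DENY_HOSTS:
        return Verdict("deny", "proxy", f"host {flow.host} on filter list")
    if flow.dport not in (80, 443):
        return Verdict("deny", "proxy", f"port {flow.dport} not permitted through proxy")
    return Verdict("allow", "proxy", f"user {flow.user} authenticated")


def firewall_decision(flow: Flow) -> Verdict:
    """Firewall layer: only the proxies and the mail relay may originate outbound."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src not in INTERNAL or dst in INTERNAL:
        return Verdict("deny", "firewall", "not an internal->external flow")
    for sources, proto, ports in FW_RULES:
        if src in sources and flow.proto == proto and flow.dport in ports:
            return Verdict("allow", "firewall", "matches egress rule")
    return Verdict("deny", "firewall", "no egress rule for this source/port")


def evaluate(flow: Flow) -> Verdict:
    """Run a flow through both layers. A request that passes the proxy is
    re-originated from the proxy's own address before the firewall sees it."""
    if flow.via_proxy:
        v = proxy_decision(flow)
        record(flow, v)
        if v.action == "deny":
            return v
        flow = Flow(src=str(min(PROXY_HOSTS)), dst=flow.dst, proto="tcp",
                    dport=flow.dport, user=flow.user, host=flow.host)
    v = firewall_decision(flow)
    record(flow, v)
    return v


# Constructed sample flows covering the cases listed in the message.
SAMPLES = {
    "employee via proxy":       Flow("10.0.5.7", "203.0.113.10", "tcp", 443, True, "CORP\\jdoe", "www.example"),
    "visitor laptop via proxy": Flow("10.0.9.99", "203.0.113.10", "tcp", 443, True, None, "www.example"),
    "trojan, no proxy config":  Flow("10.0.5.7", "203.0.113.20", "tcp", 443),
    "virus with smtp engine":   Flow("10.0.5.7", "203.0.113.30", "tcp", 25),
    "mail relay":               Flow("10.0.1.25", "203.0.113.30", "tcp", 25),
    "rogue ipsec vpn (ike)":    Flow("10.0.5.7", "203.0.113.40", "udp", 500),
    "rogue ipsec vpn (esp)":    Flow("10.0.5.7", "203.0.113.40", "esp"),
}


def run_samples() -> dict:
    """Evaluate every sample from a clean log; returns name -> final action."""
    LOG.clear()
    return {name: evaluate(f).action for name, f in SAMPLES.items()}


if __name__ == "__main__":
    for name, action in run_samples().items():
        print(f"{name:26s} {action}")
    print(f"{len(LOG)} log records retained")
```

The point the evaluator makes is the one the message makes: the proxy's authentication and filter list only govern clients that use the proxy, so the firewall rule set must be written in terms of which source hosts may originate outbound at all, not just which ports are open. Malware that ignores the SOCKS/HTTP proxy settings, a mail engine on a workstation, or a workstation trying to bring up IKE/ESP never reaches the proxy and is caught by the backstop instead.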