Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )

From: R. DuFresne (dufresne@sysinfo.com)
Date: 08/25/02 

From: "R. DuFresne" <dufresne@sysinfo.com>
To: "B. Scott Harroff" <Scott.Harroff@att.net>
Date: Sun Aug 25 09:50:02 2002

On Thu, 22 Aug 2002, B. Scott Harroff wrote:

> > there are so many companies that have no ingress filters, they as Marcus
> > will state not only don't care much about what passes inside, they
> > additionally have no clue as to what is passing inside.
>
> In my humble opinion, corporate security people not authenticing and
> filtering/monitoring traffic heading off the corporate network is a like
> airport personel not verifying individuals identities who are on an outbound
> airplane, or checking what they are carrying. 99.99% of the time nothing
> happens, that last 1% can be very painful though.
>

I'm not disagreeing with this as being better then I mentioned is standard
practise for many many companies, I'm only stating that utopias are not
the norm <smile>...

> A good practice (what I enforce): Our outbound traffic is authenticated at
> the proxy servers. No authentication via domain credenials = no outbound
> access. The proxy servers have inbound/outbound filter settings dictiated by
> IT Security, applied by server admins. The traffic then passes though an
> IDS / firewall (controlled by IT Security) with trigger sets for malicious
> traffic and port/protocol filters set to back up the proxys filters. All
> traffic logs passed/blocked are kept in the event of an incident (security
> or HR or Legal related).
>
> > There are far too many companies that do not see this as anything of major
> > significance, we;ve seen so many messages in the lists over the years
> > about some admin or employee running so non-work related app from their
> > desktop or server that allows then to do instant messaging or share mp3's
> > across the perimiter...<Subject: How do I stop such and such traffic from
> > passing the firewall I'm charged with maintaining>
>
> Via the above,
> Trojans, which don't have correct socks proxy configurations are stopped,
> virus' with smtp engines built in are stopped, non-authorized visitors to
> the network can't connect outbound, encrypted VPN's can't be established
> into another another network, etc.
>

Cool, course getting those companies to deal with these issues, adding a
new device system say a proxy is going to be a tough matter to convice
managment of, being they are not feeling much at risk inside or out
already. Remember, we are still having trouble getting many of the travel
industry to take security as a serious concern, even after 9/11. And gov
and many mil sites are still not understanding some of the issues
invoolved with security, let alone industry even taking protection of
personal information seriously.

Thanks,

Ron DuFresne 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!

Relevant Pages