Re: [fw-wiz] finding security threats

From: Devdas Bhagat (dvb@users.sourceforge.net)
Date: 12/30/02


From: Devdas Bhagat <dvb@users.sourceforge.net>
To: firewall-wizards@honor.icsalabs.com
Date: Mon Dec 30 08:28:01 2002

On 30/12/02 12:42 +0530, Kilaru Sambaiah wrote:
> All the firewalls and other tools are designed for securing
> systems from any threat. Is there any way to find that my local
> systems are breaking systems some where. More genarically how
Just ensure that your firewall has filters on the outbound traffic also.

> does ISP's will actively look their customers are not hackers
> but legimate users and also how does viruses are not generated
> from their customer IP's.
There is no clean way to do this without compromising too much on
monitoring the customer traffic.
The best way is to assume that a customer is clean, and wait for
complaints. If there is a complaint, investigate it, watch that users
traffic.
As for viruses, force all customer email through the ISP relays, which
filter outbound mail for viruses, and possibly spam.
http viruses can be cuaght by watching webserver and proxy logs.
Please start a new thread with a new mail rather than replying to an old
one. It breaks threading.

Devdas Bhagat