Re: [fw-wiz] Security Audit and Priorities
From: M Taylor (mctaylor_at_privacy.nb.ca)
Date: 07/14/03
- Previous message: Chris Lowth: "[fw-wiz] RE: Blocking Kazaa"
- Maybe in reply to: Paul Ammann: "[fw-wiz] Security Audit and Priorities"
- Next in thread: Bob Wanamaker - Avant Systems, Inc.: "RE: [fw-wiz] Security Audit and Priorities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com
Date: Mon, 14 Jul 2003 16:32:23 +0100
Paul Ammann wrote:
> I will be starting a new job in the next few weeks. I went to Netcraft and
> typed in the company's URL and was amazed by what I saw: the version of
> Linux, the version of Apache, the version of OpenSSL... literally everything
> about their web servers.
>
> 1. What is the best way to block Netcraft from obtaining all this information.
> Are there Open Source solutions that would be better than commercial
> solutions?
Don't bother. I think it is best to actually easily check what software
you are currently actually running. It is also useful for the system
administrators to be able to easily check what version they are actually
running. I think it is far more valuable to easily know if you are
vulnerable than the risk of others also knowing your systems are
vulnerable. When you and the system administrators know the systems are
unnecessarily at risk, then it is more likely the actual problem will be
fixed. Reducing the unnecessary exposure to known and unknown
vulnerabilities is the goal.
Second, I thought CodeRed, SQL Slammer and other automated worms
demonstrated that most self-propagating malicious software does NOT check
banners; it blindly tries its attack, in some cases even against systems
not running any web server or listening on 1434/udp (MS-SQL).
> 2. The company has acknowledged they are lacking in security. What is the
> best method for doing a security audit?
See SANS Reading Room http://www.sans.org/rr/ and
http://www.cisecurity.org/ as a starting point. Start with external
facing services first, then examine internal services.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
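The reply above argues that knowing your own versions is worth more than hiding them. The following is an added example, not code from the thread or from any of its participants: it takes the kind of `Server` banner Netcraft reports, parses the product/version tokens out of it for your own hosts, and flags anything older than a patch baseline you maintain. The hostnames, banners and baseline versions are constructed placeholders, not real advisories.

```python
"""Added example (not from the firewall-wizards thread): inventory the
versions your own web servers report and compare them against a patched
baseline, so the "are we vulnerable?" question can be answered quickly.
All hosts, banners and baseline versions below are constructed placeholders.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample data: hostname -> Server header the host returns.
SAMPLE_BANNERS = {
    "www.example.test":  "Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7a",
    "shop.example.test": "Apache/1.3.28 (Unix) mod_ssl/2.8.15 OpenSSL/0.9.7b",
    "mail.example.test": "Apache/2.0.47 (Unix)",
}

# Placeholder baseline: the minimum version you consider patched per product.
# Maintain this from your own patch process; these numbers are hypothetical.
BASELINE = {
    "Apache":  "1.3.28",
    "OpenSSL": "0.9.7b",
    "mod_ssl": "2.8.15",
}

# Matches "product/version" tokens such as Apache/1.3.27 or OpenSSL/0.9.7a.
TOKEN_RE = re.compile(r"([A-Za-z_][\w.-]*)/(\d+(?:\.\d+)*[a-z]?)")


def parse_server_header(header: str) -> Dict[str, str]:
    """Return {product: version} for every product/version token in a Server header."""
    return {name: ver for name, ver in TOKEN_RE.findall(header)}


def version_key(version: str) -> Tuple:
    """Sort key for versions like 1.3.27 or 0.9.7a: numeric parts, then the optional letter."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return (nums, m.group(2))


def outdated_components(header: str, baseline: Dict[str, str] = BASELINE) -> List[Tuple[str, str, str]]:
    """Return (product, running, minimum) for each baselined product below its minimum.

    Products absent from the banner are skipped: the banner tells you only what
    the server chooses to announce, so treat this as a first pass, not an inventory.
    A simple comparison like this does not know about release branches (an Apache
    2.0.x host compares as newer than a 1.3.x baseline); keep one baseline per branch
    in practice.
    """
    found = parse_server_header(header)
    out = []
    for product, minimum in baseline.items():
        running = found.get(product)
        if running is not None and version_key(running) < version_key(minimum):
            out.append((product, running, minimum))
    return out


def audit(banners: Dict[str, str] = SAMPLE_BANNERS) -> Dict[str, List[Tuple[str, str, str]]]:
    """Map each host to its outdated components; a fully patched host maps to []."""
    return {host: outdated_components(hdr) for host, hdr in banners.items()}


if __name__ == "__main__":
    for host, findings in audit().items():
        status = "OK" if not findings else ", ".join(f"{p} {r} < {m}" for p, r, m in findings)
        print(f"{host}: {status}")
```

Run it as-is to see the constructed hosts scored against the placeholder baseline; in practice you would feed it the headers your own hosts return and keep `BASELINE` in step with your patch process.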