Re: [fw-wiz] I wonder, how to test..

From: Adrian Grigorof (adrian_at_grigorof.com)
Date: 07/30/04

    To: "Meindert Uitman" <meindert.uitman@avic.nl>
    Date: Fri, 30 Jul 2004 00:51:16 -0400
    
    

    The short answer would be "No". What you described sounds like "reasonable
    proof", but why should we believe you? ;) Even if you go through the whole
    process of hiring some expensive auditors from the likes of Deloitte and
    Touche all you can get, at best, is something saying that yes, you are as
    secure as possible for your type of organization (from their perspective).
    All these reports say that if you make any kind of change to the setup, the
    report is no longer valid (for example, applying a hotfix is a change). You
    may control the network infrastructure, but how about the code behind the
    applications? SQL injection attacks may compromise an application regardless
    of how locked down the web server is or if the SQL machine is in the DMZ.
    Also, how about DoS attacks?
    That being said, as a low cost tool, maybe you can still install Linux on a
    laptop and perform network scans with scanners like Nessus. You can move
    your laptop to all the network segments that are part of the infrastructure
    that you described and scan them for known vulnerabilities.

    Regards,

    Adrian Grigorof
    www.firegen.com
    Firewall log analyzers

    ----- Original Message -----
    From: "Meindert Uitman" <meindert.uitman@avic.nl>
    To: <firewall-wizards@honor.icsalabs.com>
    Sent: Thursday, July 29, 2004 10:33 AM
    Subject: [fw-wiz] I wonder, how to test..

    > Hi list,
    > As a regular reader of this list, and (amongst many other tasks)
    > responsible for security at our company, I wonder. I've taken most
    > measures to make our business secure. It's all on a small scale,
    > everything runs well, but every now and then the tiny hairs on the back
    > of my head make me wonder how secure it all is. Yes, webservers are
    > locked down, are in DMZ, only http permitted, SQL on inside via data
    > layers, only necessary ports between DMZ and inside; this production
    > environment is colocated, office is connected via PIX to PIX vpn,
    > restricted access to this vpn, etc.
    >
    > Are there any low cost means / tools out there to verify that what I
    > have done so far is reasonable proof?
