Re: [fw-wiz] I wonder, how to test..

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 07/30/04

    To: "Meindert Uitman" <meindert.uitman@avic.nl>, "firewall-wizards@honor.icsalabs.com" <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 30 Jul 2004 12:03:01 +0100
    
    

    Hello

    It depends on how thorough you want to be and how much you already know.

    I would suggest you use nmap (www.insecure.org) to scan every box you own
    (internal, external, DMZ, DNS, etc) from inside and outside the firewall.
    This will give you a picture of the ports that you are exposing. You can
    compare this to your security policy. If the local scans (i.e. scans not
    through the firewall) show services running (ports open) that are not
    needed then you might want to stop them. Services that are needed for
    localhost should be configured to only accept connections from the
    loopback network interface.

    You may wish to run nessus (www.nessus.org) against all your boxes too.
    This can take a very long time if not configured properly, but will
    evaluate running services against a vulnerability database. It'll
    basically tell you if it thinks your services are buggy.

    You may wish to search a vulnerability/exploit list for the exact versions
    of services you are running. www.packetstormsecurity.org has a
    comprehensive list of everything. www.securityfocus.com is also very
    good. www.k-otik.com is a crazy French exploit site and is very good.

    You might want to buy one/more of the Hacking Exposed series of books.

    Kev

    > Hi list,
    > As a regular reader of this list, and (amongst many other tasks)
    > responsible for security at our company, I wonder. I've taken most
    > measures to make our business secure. It's all on a small scale,
    > everything runs well, but every now and then the tiny hairs on the back
    > of my head make me wonder how secure it all is. Yes, webservers are
    > locked down, are in DMZ, only http permitted, SQL on inside via data
    > layers, only necessary ports between DMZ and inside; this production
    > environment is colocated, office is connected via PIX to PIX vpn,
    > restricted access to this vpn, etc.
    >
    > Are there any low cost means / tools out there to verify that what I
    > have done so far is reasonable proof?
    >
    > Thanks in advance,
    > Meindert uitman
    > Avic B.V.
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >

    -- 
    Kevin Sheldrake MEng MIEE CEng CISSP
    Electric Cat (Bournemouth) Ltd
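
Added example, not part of the original message: one way to automate the comparison of inside and outside nmap scans against a security policy, as suggested in the reply above. It assumes the scans were saved in nmap's grepable format (`-oG`); the sample scan lines, the documentation-range addresses and the `POLICY` layout are constructed for illustration.

```python
import re

# Constructed sample data in nmap's grepable (-oG) format; addresses are documentation ranges.
INSIDE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web1)\tStatus: Up
Host: 192.0.2.10 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.0.2.20 (dns1)\tPorts: 53/open/udp//domain///, 111/open/tcp//rpcbind///
"""
OUTSIDE_SCAN = """\
Host: 192.0.2.10 (web1)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.0.2.20 (dns1)\tPorts: 53/open/udp//domain///, 111/filtered/tcp//rpcbind///
"""
# Hypothetical policy: what each host may expose through the firewall / needs to run at all.
POLICY = {
    "192.0.2.10": {"external": {"80/tcp"}, "internal": {"80/tcp", "22/tcp"}},
    "192.0.2.20": {"external": {"53/udp"}, "internal": {"53/udp"}},
}

def open_ports(grepable):
    """Return {host: {"port/proto", ...}} for ports nmap reported as open."""
    result = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment, status-only or malformed line
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                result.setdefault(host, set()).add(f"{fields[0]}/{fields[2]}")
    return result

def audit(inside, outside, policy):
    """Compare both scans with the policy; return (host, port, finding) tuples."""
    findings = []
    seen_in, seen_out = open_ports(inside), open_ports(outside)
    for host in sorted(set(seen_in) | set(seen_out)):
        allowed = policy.get(host, {"external": set(), "internal": set()})
        for port in sorted(seen_out.get(host, set()) - allowed["external"]):
            findings.append((host, port, "reachable through firewall, not in policy"))
        for port in sorted(seen_in.get(host, set()) - allowed["internal"]):
            findings.append((host, port, "running but not needed: stop or bind to loopback"))
    return findings

if __name__ == "__main__":
    for finding in audit(INSIDE_SCAN, OUTSIDE_SCAN, POLICY):
        print(*finding, sep="  ")
```

A host that appears in a scan but not in the policy is treated as having nothing allowed, so every open port on it is reported.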
    
