Re: [fw-wiz] RE: In defense of non standard ports
> On Tue, 24 Jan 2006, ArkanoiD wrote:
>
>> Allowing uncontrolled HTTP CONNECT to any port seems quite suicidal for
>> any reasonable security policy, am I wrong?
>
> As suicidal as allowing all TCP outbound. Which is happening *way* too
> much, and is the reason we see things like botnets rampant on hospital
> networks.
>
> I think you shouldn't be allowed to install I{D,P}S until your firewall
> ruleset is this | high.
>
> Paul

I've been monitoring this discussion and I have issues with two
assumptions being made. The first is that all organizations have security
professionals with some pull with management. Politics plays a big part,
and unless you can sell a solution or are hacked sideways, nothing will be
done. This is the frustration of many technical security professionals.

Let's take the above issue - all TCP ports outbound are open. Throwing in
an IDS is a quick way to gather appropriate information to help sell to
management that they have a real problem. Just telling them "all ports
outbound bad" does not work. In addition - the log output from [insert
whatever firewall here] is either not detailed enough or the volume is so
high that it is not always practical to run analysis on the output.

Second issue I have is that running IDSs takes a lot of time. That is
bull. I had a vendor in today that was going off about such nonsense. It
is just like any other service. You plan, implement, and manage that
service appropriately. If you are spending all your time updating rules
and keeping things in sync - your problem is not the IDS but your
operational processes.

IDSs have their place as any other service, but saying they are useless or
offering a negative opinion on an organization's internal controls (or lack
of them) does not help that individual solve a problem.

t.s
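The post above argues that raw firewall logs are too voluminous to analyze by hand and that concrete numbers are what sell an egress-filtering change to management. The script below is an added example, not code from this thread or from any firewall product: it reduces a constructed batch of iptables-style ACCEPT lines (the field names `SRC=`, `DST=`, `PROTO=`, `DPT=` and the interface names `eth0`/`eth1` are assumptions about the log format) to a per-port count of outbound TCP flows and a list of internal hosts talking to ports outside an assumed allow-list, which is the kind of summary that shows what "all TCP outbound open" actually carries.

```python
"""Summarise outbound TCP flows from firewall accept logs.

Added example: the log lines below are constructed, in a simplified
iptables-like format; they are not taken from any real device.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log. Lines 6 and 7 are there to show what the
# parser ignores: an inbound DROP and a UDP flow.
SAMPLE_LOG = """\
Jan 24 10:01:02 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.20 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=80
Jan 24 10:01:03 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.21 DST=203.0.113.11 PROTO=TCP SPT=51235 DPT=443
Jan 24 10:01:04 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.22 DST=198.51.100.7 PROTO=TCP SPT=51236 DPT=6667
Jan 24 10:01:05 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.22 DST=198.51.100.7 PROTO=TCP SPT=51237 DPT=6667
Jan 24 10:01:06 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.30 DST=198.51.100.9 PROTO=TCP SPT=51238 DPT=12345
Jan 24 10:01:07 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.5 DST=10.1.5.20 PROTO=TCP SPT=4444 DPT=22
Jan 24 10:01:08 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.5.20 DST=203.0.113.10 PROTO=UDP SPT=51239 DPT=53
"""

# Assumption: eth1 is the LAN side and eth0 the Internet side.
OUTBOUND_IFACE = "OUT=eth0"

# Assumption: the destination ports the written policy actually intends
# to permit. Everything else is "open because the rule says ANY".
EXPECTED_PORTS = {22, 25, 53, 80, 443}

# Only TCP flows are counted; the regex does not match PROTO=UDP lines.
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+)")


def parse_outbound(log_text, lan_prefix="10."):
    """Return (src, dst, dport) for each accepted outbound TCP flow
    whose source is inside the LAN prefix."""
    flows = []
    for line in log_text.splitlines():
        if "ACCEPT" not in line or OUTBOUND_IFACE not in line:
            continue
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if src.startswith(lan_prefix):
            flows.append((src, dst, dport))
    return flows


def summarise(flows, expected_ports=EXPECTED_PORTS):
    """Count flows per destination port and list the internal hosts that
    reached ports outside the expected set."""
    by_port = Counter(dport for _, _, dport in flows)
    unexpected = [f for f in flows if f[2] not in expected_ports]
    hosts_by_port = defaultdict(set)
    for src, _, dport in unexpected:
        hosts_by_port[dport].add(src)
    return {
        "total": len(flows),
        "by_port": dict(by_port),
        "unexpected_flows": len(unexpected),
        "unexpected_ports": {p: sorted(h) for p, h in hosts_by_port.items()},
    }


def report(summary):
    """Render the summary as the short text a manager would read."""
    pct = 100.0 * summary["unexpected_flows"] / max(summary["total"], 1)
    lines = [f"{summary['total']} outbound TCP flows, "
             f"{summary['unexpected_flows']} ({pct:.0f}%) to ports not in policy"]
    for port, hosts in sorted(summary["unexpected_ports"].items()):
        lines.append(f"  port {port}: {', '.join(hosts)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarise(parse_outbound(SAMPLE_LOG))))
```

Run against a day of real accept logs, the "ports not in policy" figure and the list of hosts behind it are the evidence the post says a bare "all ports outbound bad" lacks; the same parse-then-summarise split also keeps the log volume problem manageable, since only the aggregate ever needs to be looked at.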



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards