Re: [Full-Disclosure] Lets discuss, Firewalls...
Valdis.Kletnieks_at_vt.edu
Date: 08/30/03
- Previous message: Richard M. Smith: "[Full-Disclosure] Bill Gates blames the victim"
- In reply to: Mike _at_ Suzzal.net: "[Full-Disclosure] Lets discuss, Firewalls..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Mike @ Suzzal.net" <mike@suzzal.net> Date: Sat, 30 Aug 2003 00:53:25 -0400
On Fri, 29 Aug 2003 22:33:06 CDT, "Mike @ Suzzal.net" <mike@suzzal.net> said:
> I can surf the web from the box so it is fine.
> Can you get to it? How?
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
You got IE or Outlook on that box?
(And no, you can't whine "that's not fair, that's not what I asked" - remember that
the bad guys aren't going to play fair either).
Incidentally, the *entire* security benefit of NAT is that it usually
*accidentally* acts as a firewall due to its design (the "no 1 to 1 NATing").
It won't usually forward packets for a port it doesn't know about - which
basically means it's acting as a firewall with a default deny policy.
And yes, you need a firewall as well - if only to protect yourself from
screw-ups like accidentally enabling 1-to-1 NAT (or if some 1337 haxor
finds a way to enable it from the outside interface).
Security in depth. Belt AND suspenders.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Richard M. Smith: "[Full-Disclosure] Bill Gates blames the victim"
- In reply to: Mike _at_ Suzzal.net: "[Full-Disclosure] Lets discuss, Firewalls..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
