RE: About MS-Networking security.

From: Bohling James CONT JBC (james.bohling_at_JBC.JFCOM.MIL)
Date: 01/19/04

    Date: Mon, 19 Jan 2004 11:40:53 -0500
    To: <focus-ms@securityfocus.com>

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    White Storm wrote:
    "Have you got a corporate AV installed yet? If not....... it's time to
    think about it. =)."
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    This is true about the enterprise AV; I failed to mention it because it was assumed. But White Storm makes a very good point about it. However, I do not agree about the VLAN segmenting.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    White Storm wrote:
    "If you have the ability to configure the LAN, you can set up a Virtual LAN
    (VLAN) so special sectors connect to the internet without joining the "same"
    network as the personal computers on the net."
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    VLANs can provide a logical separation but not an airgap for the network. If you have VLAN 1 (corporate) and VLAN 2 (road warriors), then if your switch gets compromised and/or the switch fails, VLAN 2 will automatically default to VLAN 1 (in case of compromise it may default to VLAN 1 depending on the attack). This will give your road warriors' machines access to corporate. A second case is that administrators can/will become complacent with monitoring, upgrading, auditing, and implementing other security measures for VLAN 2. This will result from using VLANs for security and believing that VLANs are separate (without full understanding), so they don't have to do any more. Third, with today's Cisco multi-layer switches (3550, 3950s), additional configurations and access (because of routing configs, IOS FW configs and additional web interfaces available) may become available for compromise if the switch's VLAN 2 is compromised.

    VLANs should be used for performance and network administration (advanced segmenting) rather than security.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    White Storm wrote:
    "The best solution is to install an AV and firewall together with a spyware/adware scanner (Norton Antivirus + Personal Firewall + SpyBot Search&Destroy) on every mobile computer (notebook) and set it to test almost once a day to search for viruses, trojans, worms, etc."
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    If something happens to the AV while on the road, such as not having the DATs updated, then you can be in trouble. When one connects to outside networks and entities with a laptop, a more cautious and granular approach is needed for re-connecting to the network.

    James Bohling
    Network Security Engineer
    AMSEC-A Subsidiary of SAIC

    ----- Original Message -----
    From: "Bohling James CONT JBC" <james.bohling@JBC.JFCOM.MIL>
    To: "Cyber Chiu`" <cchiu@hotspur.com.hk>; <focus-ms@securityfocus.com>
    Sent: Friday, January 16, 2004 10:37 AM
    Subject: RE: About MS-Networking security.

    Cyber wrote:
    ============================================================================
    Hi all, I have a question about a portable computer security concern.

    My company has firewall protection; all desktops are behind the firewall.
    However, my salesmen need to do their business with a laptop. When
    they're in the office, they will connect their laptop to our internet.

    I think it's dangerous because we don't know whether it's infected by a virus or not.

    Can anyone suggest to me what to do?

    ============================================================================

    First you have to think of this as a policy procedure. So, your
    security policy should give you a start on how to treat network access,
    internet connectivity, what checks to perform, and network policies to
    perform for laptops or road warriors.

    It should consist of applying a procedure something in the range of:

    1: Where did the salesman connect to a network on his/her trip?
    2: Do we have a relationship with this external entity (network)?
    3: Do we trust this entity?
    4: Can we obtain and rely on the external entity's network status report?
    5: Determine which route to take based on the information collected above,
       and what your level of risk may be:
       A:
         1) Run a vulnerability scan against the machine?
         2) Run a virus scan
         3) Review results; apply patches that were not
            implemented due to the laptop's absence from the network during patch deployment
         4) ...
       Or:
       B:
         1) Have a clean pre-ghosted machine load
         2) Save the laptop's data (not system state data; this requires
            config planning)
         3) Wipe the machine (not a quick format)
         4) Apply the Ghost image
         5) Restore the data afterwards (after the data has been virus
            scanned)
         6) ...
    6: ...
    7: ...

    Fill in the blanks. I hope this helps.

    James

    -----Original Message-----
    From: Cyber Chiu` [mailto:cchiu@hotspur.com.hk]
    Sent: Sunday, January 11, 2004 4:26 PM
    To: focus-ms@securityfocus.com
    Subject: About MS-Networking security.
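The two routes in the checklist above, turned into a small reconnection triage that picks route A (scan and patch) or route B (wipe and re-image) from the facts steps 1 to 4 collect. This is an added example, not code from any list post; the trust table, the staleness thresholds and the hostnames are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Assumed policy thresholds (not from the thread): how stale AV signatures
# or how many missed patch deployments a scan-and-patch route will tolerate.
MAX_DAT_AGE_DAYS = 7
MAX_MISSED_PATCH_CYCLES = 1

# Constructed trust table for external networks a road warrior may have used
# (checklist steps 2 to 4). Anything not listed is treated as untrusted.
KNOWN_NETWORKS = {
    "partner-corp.example": "trusted",    # relationship and status report exist
    "hotel-wifi.example": "untrusted",
}


@dataclass
class LaptopReturn:
    hostname: str
    networks_visited: list          # step 1: where it connected while away
    dat_date: date                  # date of the last AV signature (DAT) update
    patch_cycles_missed: int        # deployments that ran while it was absent
    av_found_malware: bool = False  # result of route A, step 2


def network_trust(name: str) -> str:
    return KNOWN_NETWORKS.get(name, "untrusted")


def choose_route(lap: LaptopReturn, today: date) -> tuple:
    """Return ("A", reasons) or ("B", reasons); reasons lists every risk found."""
    reasons = []
    untrusted = [n for n in lap.networks_visited if network_trust(n) != "trusted"]
    if untrusted:
        reasons.append("connected to untrusted network(s): " + ", ".join(untrusted))
    dat_age = (today - lap.dat_date).days
    if dat_age > MAX_DAT_AGE_DAYS:
        reasons.append(f"AV signatures {dat_age} days old")
    if lap.patch_cycles_missed > MAX_MISSED_PATCH_CYCLES:
        reasons.append(f"missed {lap.patch_cycles_missed} patch cycles")
    if lap.av_found_malware:
        reasons.append("AV scan reported an infection")
    # Route B whenever malware was found, or when the laptop sat on a network
    # we do not trust while its signatures or patches were stale: a scan with
    # old DATs on a machine from a hostile network cannot prove it clean.
    stale = dat_age > MAX_DAT_AGE_DAYS or lap.patch_cycles_missed > MAX_MISSED_PATCH_CYCLES
    if lap.av_found_malware or (untrusted and stale):
        return "B", reasons
    return "A", reasons
```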



