Re: Browser Vulns

From: Thor (thor_at_hammerofgod.com)
Date: 07/23/04

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Browser Vulns"
    To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>, <larobins@bellatlantic.net>
    Date: Fri, 23 Jul 2004 09:49:09 -0700
    
    

    SBS 2k3 "premium" comes with ISA2k, right? You can block whatever you want
    outbound with that guy! I'm just wondering what you mean by "In SBS Land
    ... given that person is an authenticated user, the connection would go out
    the firewall just fine" in that context-- I'm guessing you dont' mean ISA
    firewall?

    T

    ----- Original Message -----
    From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
    <sbradcpa@pacbell.net>
    To: <larobins@bellatlantic.net>
    Cc: "'Kirk Foutts'" <kfoutts@orenickcompanies.com>; "'James Riden'"
    <j.riden@massey.ac.nz>; <focus-ms@securityfocus.com>
    Sent: Thursday, July 22, 2004 6:56 PM
    Subject: Re: Browser Vulns

    > Not all firewalls are alike and not all do "outbound" egress filtering.
    > .... 'course one could argue it shouldn't be called a firewall... but
    > nevertheless not all are packet inspecting firewalls.
    >
    > Granted I think we can assume that one is talking about a true "business
    > class" firewall and not the Fry's specials, but even in SBSland we get
    > requests for blocking external webemail, and the notorious IM which,
    > given that person is an authenticated user, the connection would go out
    > the firewall just fine.
    >
    > Susan
    >
    > Laura A. Robinson wrote:
    >
    > >
    > >
    > >
    > >>...
    > >>
    > >>
    > >>
    > >>>>>If you can, block by default and allow what you want.
    > >>>>>
    > >>>>>
    > >>How? This sounds like a great plan but...
    > >>
    > >>
    > >
    > >It is standard for nearly any firewall. Block all, open what you need
    > >opened.
    > >
    > >
    > >>>>>That goes for outbound ports as well; if you have a DNS server and
    > >>>>>you
    > >>>>>
    > >>>>>
    > >>know it >>>only needs to connect/send to dest port 53, why
    > >>not ban it from connecting to >>>any other ports?
    > >>
    > >>
    > >>How can this be done?
    > >>
    > >>
    > >
    > >With a firewall.
    > >
    > >(I'm guessing y'all don't have a firewall?)
    > >
    > >Laura
    > >
    > >
    > >
    > >
    >
    > --
    > http://www.sbslinks.com/really.htm
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------
    -
    >
    >
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Browser Vulns"

    Relevant Pages

    • Re: Browser Vulns
      ... RRAS firewall Those of us in "paranoid" SBSland use ISA ... I'm just wondering what you mean by "In SBS Land ... >>given that person is an authenticated user, the connection would go out ...
      (Focus-Microsoft)
    • Re: I am having connectivity problems
      ... firewall and turned ON Windows firewall. ... When I tried to install SP2 I was unable to get it thru Windows Update. ... does the connection problem persist? ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: Serious Security Issue in Windows XP SP2s Firewall
      ... Subject: AW: Serious Security Issue in Windows XP SP2's Firewall ... If you update a WinXP SP-1 with enabled Internet ... Connection Firewall ...
      (Focus-Microsoft)
    • RE: Serious Security Issue in Windows XP SP2s Firewall
      ... file and printer sharing is available for network login from any network (I ... Internet Connection Sharing of the PC has to be disabled." ... Serious Security Issue in Windows XP SP2's Firewall ...
      (Focus-Microsoft)
    • Re: Still cant connect to RWW or OWA remotely
      ... No, I don't have a 3rd party firewall, and it's a pretty plain vanilla WinXP ... Connected to the network like the other workstations, ... I could go to any workstation and connect to them just fine. ... match the broadband connection, the two NIC firewall, the remote ...
      (microsoft.public.windows.server.sbs)