Re: Items within XP SP2 and Win2003

From: James Riden (j.riden_at_massey.ac.nz)
Date: 09/29/04

    To: <focus-ms@securityfocus.com>
    Date: Wed, 29 Sep 2004 12:19:25 +1200
    
    

    "Thor" <thor@hammerofgod.com> writes:

    > It is absolutely fine to employ host-based firewall measures, even in
    > the presence of border restrictions and minimum service configurations
    > at the server. It does indeed provide extra security, even if the
    > border router is doing the same thing, particularly if the border
    > router stops doing it or if an attacker gains access another way
    > (modem/wireless/etc.). The ability to perform egress filtering alone
    > is worth the administration (i.e. slammer).
    >
    > And while you might imagine many ways to get around the firewall (I
    > can't, but that's cool) note that you will still have to do those
    > things, whatever they are, where you would not in the absence of the
    > FW. It's security in depth, and a Good Thing.

    Exactly. It will give you some protection:

    if someone misconfigures your border firewall (that never happens, I'm sure)

    if someone hasn't properly shut down all unused services on a machine
     (or has started an extra one up "temporarily", just for testing)

    if you have an internal threat (viruses, worms, bored/malicious users,
     or someone has managed to compromise another of your servers in the
     same zone)

    possibly if someone manages to send an exploit to one of your servers
     which tries to connect back to the originating host. For example, it
     might be a web server and you might have denied it from originating
     outbound traffic. This one can be implemented on the border firewall
     if you have space for all those rules.

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.