Re: Hardening VS firewalling ?

From: Mark A. Lewis (mark@mnlewis.com)
Date: 01/08/02


Date: Tue, 08 Jan 2002 03:06:04 -0600
From: "Mark A. Lewis" <mark@mnlewis.com>
To: "Omar Koudsi" <omark@jeeran.com>, security-basics@securityfocus.com

Both are important.

An IIS box with no patches installed behind the greatest firewall in the
world would still be vulnerable to Code Red, Nimda, Unicode and all that
good stuff if port 80 was getting to it. A completely patched server with
no firewall would be available to be compromised on all ports; it would
happen one way or another.

Since patches are free and most firewalls are not, in a pinch a cheap
firewall such as Linksys or a Linux solution with a patched server behind
it would be workable.

But it isn't just patches that are important. Following all the normal
good practices regarding unneeded services, strong passwords and physical
security and the like round out the package.

-----Original Message-----
From: "Omar Koudsi" <omark@jeeran.com>
To: <security-basics@securityfocus.com>
Date: Tue, 8 Jan 2002 02:29:43 +0200
Subject: Hardening VS firewalling ?

> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH.
>
>
> But according to you, which is more important? Paying attention to
> having a great firewall with a great ACL more than hardening and patching
> the systems? Or not have to worry about the firewall or having one at
> all and concentrate on applying best practices to OS/APPS and making
> sure the OS/APPS is up to date on patches?
>
> In the unlikely event that you had to choose one over the other (or
> some people would argue that this is a reality since time is limited
> and you can really concentrate on one), which one would it be and why?
>
> Regards,
>
>
> -----------
> Omar Koudsi
> IT Architect
> Network Security Center
> Special Systems Company
> http://security.sscjo.com
> omark@sscjo.com
> Tel: (9626) 5664221
> Fax: (9626) 5681557
>


