RE: Firewall problem

From: Garcia, Nicholas A (Nicholas.A.Garcia@disney.com)
Date: 07/31/02


Date: Wed, 31 Jul 2002 14:31:01 -0400
From: "Garcia, Nicholas A" <Nicholas.A.Garcia@disney.com>
To: <dsardina@si.rr.com>, "Vasiliy Boulytchev" <linux@boulytcheva.com>, <security-basics@securityfocus.com>

It's funny cause someone posted this in an earlier thread. . .

http://www.securitywriters.org/projects/osscan/results.php

I don't want to sound like a zealot, but I do prefer to stick to
reproduceable data and not just popular opinion. Win2k outta the box
has as many holes (5) as Solaris 6 (5). After the latest security patch
on each platform, Win2k had 3 holes and Solaris 6 had 4. Win2k outta
the box only has 1 more "hole" than Sun's recently launched Solaris 9 on
its default install.

I don't know what the severity of these holes are, but those are the
numbers as these guys posted them.

-----Original Message-----
From: DSardina [mailto:dsardina@si.rr.com]
Sent: Tuesday, July 30, 2002 2:45 PM
To: Vasiliy Boulytchev; security-basics@securityfocus.com
Subject: RE: Firewall problem

I agree with Vasiliy Boulytchev said in his last email, but, im sure he
knows what im about to say.

Just because you switch to "linux or a openbsd" from windows, doesnt
mean your "secure" right out of the box. Thats a total LIE, and I would
hate to see people being mislead.

Every operating system has its insecurities.
I dont care what OS it maybe. I would say "Windows" is a last choice for
a secure OS out of the box.

All I can say is your OS will be as secure as the administrator is.

Just my 2cents.

Stay Safe!~

Dominick S.

-----Original Message-----
From: Vasiliy Boulytchev [mailto:linux@boulytcheva.com]
Sent: Monday, July 29, 2002 4:05 PM
To: Ash
Cc: securitybasics
Subject: Re: Firewall problem

Well,
    Forget Microsoft's suggestions about staying secure. Scratch the
costs of MS ISA server, or whatever they call that junk these days, and
install Mandrake, Suse, Red Hat :( , anything but winblows. I know
FreeBSD/OpenBSD blows tux out of the water, but you should start at
something simpler. Regards, Vasiliy Boulytchev Colorado Information
Technologies Inc.
----- Original Message -----
From: "Ash" <ashcrow@phreaker.net>
To: "Chris Berry" <compjma@hotmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, July 23, 2002 8:32 PM
Subject: Re: Firewall problem

> More information would be great. A short sollution would be to use
> OpenBSD pf. It not only has a good amount of documentation but is also

> on of the most veritile firewall solutions arround.
>
> Please give some more information on the configuration (like the rules

> implemented).
>
> Thanks,
> Ash
>
> ---
> Darkfire Secure Linux -- http://www.gnulinux.net
>
> On Tue, 2002-07-23 at 12:11, Chris Berry wrote:
> >
> >
> > We're using MS ISA server as our firewall. In accordance with
> > their best practices recommendation I've put it on a dual-homed
> > machine and
set
> > up only the external interface with a default gateway. Our internet

> > connection is working well, and as far as I can tell reasonably
> > secure. However we can't connect telnet traffic, nor can I ping
> > internet sites, even though I have rules configured that should
allow this.
> > Previously all of this worked but people without a proxy client
could
> > still connect to the internet which we didn't want. I might be able

> > to reconfigure the routing tables to allow that kind of traffic but
> > I'm not sure thats the right solution. My terminal emulator program

> > doesn't natively support proxies. We're on a very limited budget so

> > any
solution
> > I find probably has to be free. Does anyone have any suggestions or

> > do you need more information?
>
>
>
>



Relevant Pages

  • RE: Firewall problem
    ... your "secure" right out of the box. ... Subject: Firewall problem ... >> We're using MS ISA server as our firewall. ... >> However we can't connect telnet traffic, nor can I ping internet sites, ...
    (Security-Basics)
  • Re: Firewall problem
    ... Subject: Firewall problem ... > your "secure" right out of the box. ... >>> We're using MS ISA server as our firewall. ... >>> However we can't connect telnet traffic, nor can I ping internet ...
    (Security-Basics)
  • [Full-disclosure] Stealthier Internet access
    ... Stealthier Internet access ... Nevertheless anonymous and secure communication in the world today is ... (Here are few basic bookmarks to improve Stealthier internet access for windows) ...
    (Full-Disclosure)
  • Re: [Full-disclosure] AntiSec <3s nginx
    ... It really seems like the first attribute of your "secure internet" ... It's a bit of an ideal to eliminate anonymity on the internet. ... Wyatt Earp would be the government. ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: Big security problem
    ... Welcome to the Internet. ... > well and always use strong passwords. ... That's one facet of a secure PC, ... > SPAM EMAIL/JUNK MAIL ...
    (microsoft.public.security)