RE: VPN's - Firewall's and Security

From: Shota Gedenidze (security_at_tub.ge)
Date: 08/27/03

    To: "'Christopher Joles'" <CJoles@proteabhs.com>, <security-basics@securityfocus.com>
    Date: Wed, 27 Aug 2003 10:53:20 +0400
    
    

    Hi there,

    Since you have a VPN, it is not firewalled!

    You have configured the VPN so that VPN users access the internal network. You need to
    modify your PIX config, where you have configured "crypto map [mapname] match
    address [access-list name]".

    You should modify that access-list and prohibit the following traffic there:

    TCP/UDP 135, 137, 139, 445

    These ports are commonly used by the RPC service.

    Also block the TFTP protocol and TCP port 4444; this port is opened by
    Blaster.

    My advice:

    Block everything and then allow ONLY the important protocols you use.

    In access-lists use permit tcp, permit udp, permit icmp rather than
    permit ip, which is less specific.

    Sincerely,
    Shota Gedenidze.
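The following PIX 6.x configuration is an added example and is not part of the original thread or of either poster's configuration. It applies the default-deny advice above to traffic arriving from the VPN tunnel. Note that the crypto-map match-address list only selects which packets are encrypted into the tunnel; on PIX 6.x the mechanism that actually filters decrypted tunnel traffic is the ACL bound to the outside interface, and that check is skipped as long as the default `sysopt connection permit-ipsec` is in effect. The address pool 192.168.100.0/24, the inside network 10.0.0.0/24, the hosts 10.0.0.10 and 10.0.0.20, the interface name `outside` and the list name `outside_in` are all assumptions; any existing permit lines for the DMZ mail and web servers stay in the same list.

```cisco
! Added example (not from the original thread). Assumptions: VPN clients are
! assigned addresses from 192.168.100.0/24, the inside LAN is 10.0.0.0/24,
! 10.0.0.10 is the mail server and 10.0.0.20 the terminal server.

! 1. Stop decrypted IPsec traffic from bypassing the interface ACL.
!    With the default "sysopt connection permit-ipsec" the packets coming
!    out of the tunnel are never checked against "outside_in".
no sysopt connection permit-ipsec

! 2. Drop the Blaster / RPC / NetBIOS / SMB vectors from the VPN pool first,
!    so that hits show up in "show access-list" and in the log.
access-list outside_in deny tcp 192.168.100.0 255.255.255.0 any eq 135
access-list outside_in deny tcp 192.168.100.0 255.255.255.0 any eq 139
access-list outside_in deny tcp 192.168.100.0 255.255.255.0 any eq 445
access-list outside_in deny tcp 192.168.100.0 255.255.255.0 any eq 4444
access-list outside_in deny udp 192.168.100.0 255.255.255.0 any range 135 139
access-list outside_in deny udp 192.168.100.0 255.255.255.0 any eq 445
access-list outside_in deny udp 192.168.100.0 255.255.255.0 any eq 69

! 3. Permit only the services the remote users actually need (assumed here:
!    SMTP and POP3 on the mail server, RDP to the terminal server, ping to
!    the LAN). Use "permit tcp/udp/icmp" with ports, not "permit ip".
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.0.0.10 eq 25
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.0.0.10 eq 110
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.0.0.20 eq 3389
access-list outside_in permit icmp 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0 echo
! Everything else from the tunnel falls through to the implicit deny.

! 4. Bind the list to the interface on which the tunnel terminates.
access-group outside_in in interface outside
```

After applying it, connect from a client and run `show access-list outside_in`: the deny lines for 135/139/445/4444 should accumulate hit counts when an infected client tries to spread, while the only permits that increment are the ones for the services the three users actually use. If a permit line never counts a hit over a few weeks, remove it.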

    -----Original Message-----
    From: Christopher Joles [mailto:CJoles@proteabhs.com]
    Sent: Tuesday, August 26, 2003 7:09 PM
    To: security-basics@securityfocus.com
    Subject: VPN's - Firewall's and Security

    Good Day All!

    I'm looking for design advice.

    Currently, I have a network that is protected by a Cisco PIX 515
    firewall. We have it configured to protect our internal network along
    with supplying access to our DMZ which holds our email and web servers.

    My concern arises from the spread of the Blaster worm. Currently we
    give a couple of employees (the boss, the CFO and myself) VPN access from
    home. In this scenario, the boss's home computer was compromised by the
    Blaster worm and, luckily for me, he was on vacation in Germany at the
    time. If he wasn't, he most assuredly would have made a VPN
    connection and the lovely Blaster worm would have gotten through our
    defenses. Keep in mind, I had applied the MS patch to our servers and
    workstations; however, it would have still gotten "inside". How can I
    redesign my network to either firewall the VPN connections or at a
    minimum filter them?

    Thanx for your opinions in advance!

    Christopher J. Joles
    Chief Information Officer

    PROTEA Behavioral Health Services
    187 Exchange St.
    Bangor, ME 04401
    Phone: (207)992-7010 Ext: 245 Fax:(207)992-7011

    ------------------------------------------------------------------------

    ---
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.
    Visit us: www.blackhat.com
    
