RE: Removing ping/icmp from a network



Apologies for mistakenly attributing the 'supposedly secure' point and the
OP to Strykar when I meant Secure This.

-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud@xxxxxxxxxxx]
Sent: Thursday, March 27, 2008 8:50 AM
To: 'Strykar'; 'security-basics@xxxxxxxxxxxxxxxxx'
Subject: RE: Removing ping/icmp from a network

I think the important thing here is where Strykar says 'supposedly
secure'.
What are the risks that you can see on that network? Are there enough
risks to tip it past the 'trusted' point?
Granted, 'trusted' is just a label, and not a metric as such here.
I know the word has a meaning in the 'inside of the perimeter and not the
DMZ' sense but what else does it mean to people?

Scott Ramsdell said:
Even on my trusted LAN, I only allow echo request/echo reply.

Which made me wonder, is that a 'trusted' LAN then? Different networks
have different needs and different risks to address.
When does it stop being trusted? Because it's outside a firewall? Behind
a router? Because I don't know the people using the clients on the LAN?
What does everyone else think?
Obviously I don't trust some of my users not to mistakenly or
purposefully access risky websites or services-otherwise I wouldn't have
controls in place to mitigate that. But they are on my 'trusted' LAN.
So trusted seems a fuzzy concept here; a human word for a human
situation.

Personally, I'd find it very difficult to do my job without Mike Muuss'
awesome little program, ping. So blocking ICMP is not going to happen on
the inside...of my, uh, trusted LAN.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Strykar
Sent: Wednesday, March 26, 2008 10:30 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Removing ping/icmp from a network

You don't discourage ICMP on a network, that's uninformed Jim the
farmer cum Sysad talk.


- S

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Secure This
Sent: Tuesday, March 25, 2008 10:00 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Removing ping/icmp from a network

I have a variety of clients with data centres who all make use of
icmp/ping to monitor their servers/appliances/devices (often with
poorly configured snmp versions 1 and 2).

Could anybody kindly advise me of tools and strategies for minimising
or removing the use of icmp/ping on a supposedly secure network?

Thanks in advance


