Re: Notifying user of open Internet access
From: Leythos (void_at_nowhere.lan)
Date: 12/14/04
- Next message: Max Mustermann: "Re: Encase 4.20 (the premier computer forensics tool) Posted"
- Previous message: EDOOD: "Re: Security Incident Statistical Analysis"
- In reply to: EDOOD: "Re: Notifying user of open Internet access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Dec 2004 18:33:32 GMT
In article <z7Gvd.42745$6q2.5342@newssvr14.news.prodigy.com>, "EDOOD"
<info<nospam>@thecomputerdood.com> says...
> My final comment is that Windows was not designed from the start for the
> Internet. I believe the Port 139 was for Netbios shares, in a controlled
> environment. In my opinion ( I am entitled to an opinion), this is a
> serious flaw in the whole computing market.
I agree with the above - From what I can see, the idea of the internet
didn't enter their planning until after they started with Windows 95.
With Win 3.11 you needed those shares to make life easy for
administrators of networks, but you also didn't expose those systems to
the public networks.
[snip]
> and am amazed by the sheer ignorance of the public, as regard
> to security and safety.
It really is amazing, and on such a large scale, even with publicity,
it's just too daunting of a task to expect a non-technical person to
secure their machines, let alone even understand that they are exposed.
> I always use a NAT box, before putting a Windows box on the Internet. I
> block Ports 135-139, and 445 automatically. I also have logs that are
> generated (SYSLOG'S), and I review, to see where vulnerabilities...Lately, I
> use a service like www.grc.com "Shields Up", to see where my vulnerabilities
> are.
NAT is a great thing, and the NAT devices have been in the SOHO market
for about 5 years - Linksys started it with the BEFSR41 Cable Modem
Router (before it was called a firewall - which it's not). It's the one
device I can hand to a client, or let them purchase on their own, that
they can connect and be using in under 10 minutes without any additional
help.
With your router, not sure which one, make sure that you blocked
OUTBOUND to destination ports 135~139,445, and not just inbound on those
ports. You won't be missing anything by blocking them. In many cases it
can keep a compromised machine on your network from spreading a
virus/worm outside it to the public.
> I just wanted to know if you would heads up someone. Obviously, I never
> meant to get the dire warning, or hear about ISP Gestapo tactics...I just
> wanted to hear a consensus...What troubles me more is that no one can get
> into a discussion without name calling, or threatening tone.
Yea, it's like that a lot, there are always people that don't have much
of a backing to stand on, or lack the technical background, so they feel
threatened and instead of taking a mature angle on the thread they start
being snide and making foul comments. That's when you know you might as
well hang it up, they are not really listening and won't understand.
> I have come to respect the opinions (and that is what they are) of the
> postings on this group. It is sad that a (relatively) educated bunch of
> people have to resort to name calling, in order to get their opinion
> expressed. I for one value the postings here. I never would doubt
> someone's credentials, if I thought A) they express themselves clearly B)
> They pass the "SMELL" test (does it make sense??) C) They leave the nasty
> comments out of it.
It's a good process, and you are correct, we are all giving opinions
based on our training, backgrounds, experience, and most of us on what
we've actually found to work or not work. There are times, when dealing
with the immature, after countless attempts, that I succumb to weakness
and make a crass comment. At that point the other side got what they
wanted, which was not a discussion, but to see who they could get upset
enough to break.
In the early days, before the web was invented, and before the masses
entered Usenet, it was almost always a great place to chat, we could
even issue cancel bots that would erase posts from flamers and trolls,
but it's not ethical to do that any more :)
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
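The outbound block on destination ports 135-139 and 445 recommended in the reply above also produces drop logs that point at the machine doing the spreading. As an added example (not part of the original post), this script finds LAN hosts with logged outbound attempts to those ports; the netfilter-style key=value log format, the 192.168.1.0/24 LAN range, the threshold and every sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Destination ports the post says to block outbound (RPC, NetBIOS, SMB).
WATCHED_PORTS = set(range(135, 140)) | {445}
# Assumed log format: netfilter-style key=value fields.
FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

# Constructed sample syslog lines (documentation address ranges).
SAMPLE_LOG = """\
Dec 14 18:01:02 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=445
Dec 14 18:01:02 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.6 PROTO=TCP SPT=1046 DPT=445
Dec 14 18:01:03 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP SPT=1047 DPT=135
Dec 14 18:02:10 gw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 PROTO=UDP SPT=137 DPT=137
Dec 14 18:02:11 gw kernel: INGRESS-DROP IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=4000 DPT=139
Dec 14 18:03:00 gw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.80 PROTO=TCP SPT=1050 DPT=80
Dec 14 18:03:05 gw dhcpd: DHCPACK on 192.168.1.23
""".splitlines()

def outbound_hits(lines, lan="192.168.1.0/24"):
    """Map each LAN host to the (outside dst, port) pairs it tried to reach."""
    lan_net = ipaddress.ip_network(lan)
    hits = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a malformed one
        # Outbound only: source inside the LAN, destination outside it.
        if src in lan_net and dst not in lan_net and port in WATCHED_PORTS:
            hits[str(src)].add((str(dst), port))
    return hits

def suspects(hits, min_targets=3):
    """Hosts that tried many distinct outside addresses: check them first."""
    return sorted(host for host, pairs in hits.items()
                  if len({dst for dst, _ in pairs}) >= min_targets)

if __name__ == "__main__":
    for host in suspects(outbound_hits(SAMPLE_LOG)):
        print("check this machine:", host)
```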