Re: preventing username enumeration on NT4

From:
Date: 06/04/02


Date: Tue, 04 Jun 2002 12:57:21 +0200

Dazza wrote:

>
> >What about packet filtering at the router? What options do I have there?
> >And an application firewall? I am not entirely sure which ports I must
> >leave open to the world for the following functions:
> >- PDC / web server (IIS 4) / shared drives
> >- BDC / web server (IIS 4, OWA) / Exchange Server
>
> While you continue to expose your internal network to the outside
> world, you WILL have problems with security.

And I'd say, with his relevant lack in security, he ought to be
reviewing IIS with a fine-tooth comb...

As Dazza has already said, PDC / BDC with web services is a really,
really bad idea.

> If you are only talking about sharing drives on your internal network
> (and not across the internet) then you should be blocking the NetBIOS
> ports from the outside world.
>
> It sounds as though you aren't even using a firewall.
>
> >Is it possible to grab an old computer and write an application that
> >intercepts "bad" packets coming towards my PDC & BDC, and then send back
> >the appropriate response to make the targets seem like they're not there?
> >Any resources on undertaking such a task (I only have basic socket
> >programming experience)?
>
> Look at getting an older computer (a 486 or any older Pentium would be
> fine, but use reliable hardware), and running a Linux firewall on it
> (iptables). Also, run Snort, or another IDS (Intrusion Detection
> System) on it as well, but only after you learn how to secure it, and
> understand the logs.

Read up on DMZs. Here's a starter link:
http://rr.sans.org/firewall/DMZ.php

>
> You could use something like Smoothwall or IPCop if you need a quick
> solution.
>
> http://www.smoothwall.org/community/home/
>
> Smoothwall GPL is free.

Having not used it, I'm not really in a position to criticise, but I
know that Smoothwall took a bit of a kicking on comp.os.linux.security -
nagware, violation of GPL, etc. I'd suggest hunting through the
archives to have a read first.

bomba

-- 
Welcome to bomba's Wonderful World of FAQs (TM)

alt.bmx FAQ: http://bombacommand.iwarp.com/bmx_faq.htm

alt.mountain-bike FAQ: http://bombacommand.iwarp.com/ambfaq.htm
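
The advice in this thread to block the NetBIOS ports at an iptables firewall can be checked against a saved ruleset. The following is an added example, not part of the original post: a simplified first-match evaluator for the FORWARD chain of an `iptables-save` dump that reports which NetBIOS ports (137/udp, 138/udp, 139/tcp) are still reachable from the external interface. The interface name `eth0` and the three rulesets are constructed, and only `-i`, `-p`, `--dport`/`--dports`, `--state` and `-j` are interpreted.

```python
# Added example (simplified model): first match wins; other options are ignored.
NETBIOS = [("udp", 137), ("udp", 138), ("tcp", 139)]  # name, datagram, session

def port_matches(spec, port):
    """True if port is inside a spec such as '139' or '137:138,445'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(ruleset, iface, proto, port, chain="FORWARD"):
    """Verdict for a NEW packet arriving on iface for proto/port."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:1] == [":" + chain]:
            policy = tok[1]              # chain default policy
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # option/value pairs
        if opts.get("-i", iface) != iface or opts.get("-p", proto) != proto:
            continue
        if "NEW" not in opts.get("--state", "NEW").split(","):
            continue                     # e.g. ESTABLISHED,RELATED only
        spec = opts.get("--dport") or opts.get("--dports")
        if spec and not port_matches(spec, port):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

def exposed_netbios(ruleset, iface="eth0"):
    """NetBIOS ports that a packet from iface can still reach."""
    return [(p, n) for p, n in NETBIOS if verdict(ruleset, iface, p, n) == "ACCEPT"]

# Constructed rulesets; eth0 is assumed to be the Internet-facing interface.
OPEN = ":FORWARD ACCEPT [0:0]\n-A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT"
SHADOWED = """:FORWARD DROP [0:0]
-A FORWARD -i eth0 -p tcp --dport 1:1023 -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 139 -j DROP"""
HARDENED = """:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -p udp -m multiport --dports 137:138 -j DROP
-A FORWARD -i eth0 -p tcp --dport 139 -j DROP
-A FORWARD -i eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT"""
if __name__ == "__main__":
    for name, rs in (("OPEN", OPEN), ("SHADOWED", SHADOWED), ("HARDENED", HARDENED)):
        print(name, exposed_netbios(rs))
```

The SHADOWED ruleset shows why rule order matters: the broad low-port ACCEPT matches before the 139/tcp DROP is ever reached.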
