Re: Hijack well-known ports

• Previous message: Infant Newbie: "Re: Watchguard Firebox II for playing around."
• In reply to: Bluto: "Re: Hijack well-known ports"
• Next in thread: Bluto: "Re: Hijack well-known ports"
• Reply: Bluto: "Re: Hijack well-known ports"
• Reply: Wes Groleau: "Re: Hijack well-known ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 03 Apr 2004 03:10:18 GMT

> All I can say is that I hope you aren't involved with network
> security on behalf of any company I do business with! A "secure
> company LAN" is only as secure as the weakest link, anywhere on
> the network.
>
> All it would take, to totally compromise such a network, is ONE
> road warrior with a laptop that's allowed back on the network,
> without a total scan for viruses AND trojans AND unknown processes.
>

I am not going to get involved with this, that, and the other with you on
this. It's not my job to provide security solutions for the company. That's
someone else's responsibility to be held accountable for whatever issues the
company may have concerning security of the company LAN.

There has been no companies that I have worked for as an employee or
consulted with that installed personal FW(s) on desktop machines in a secure
LAN situation. And I have been in a number of large companies in the last
few years.

As I explained earlier, they do have host based FW(s) installed on tele
commuter workstations and for those who are on the road with their laptops.
The company also provides a router solution if requested, if it can be
justified. All of the machines have an AV solution installed.

Is anyone going to show up at someone's desk requesting that they do a scan
of someone machine before they connect to the LAN again with the 100(s) of
employees that have this ability, forget about it.

Most companies are not going to run around installing PFW solutions on
desktop machines in a secure LAN situation. It may not be what is the
prudent choice, but that is what is happening in most companies, like it or
not.

If you have a problem with that, then take it up with those who may be
receptive to your view point.:)

I am not one of them. :)

Duane :)

• Previous message: Infant Newbie: "Re: Watchguard Firebox II for playing around."
• In reply to: Bluto: "Re: Hijack well-known ports"
• Next in thread: Bluto: "Re: Hijack well-known ports"
• Reply: Bluto: "Re: Hijack well-known ports"
• Reply: Wes Groleau: "Re: Hijack well-known ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: NAT external/Public IP ... On 2007-10-30 Security Incidents wrote: ... It doesn't make a host any more or less ... secure than it already is. ... public IP addresses in your LAN means that the firewall at the ... (Security-Basics) Re: wireless security ... It increases security even for private LANs. ... ISP clueful enough to offer VPN ... If we browsing at a secure site, ... The exposure I had in mind is that someone might tap into a wired LAN. ... (alt.internet.wireless) Re: WOL security issue ... issue if somebody inside our LAN is infected with malware. ... WOL itself is not a security issue. ... it needs to know the MAC address of the ethernet card. ... (alt.internet.wireless) Re: Unauthorised switchport access ... Your LAN becomes a major target to ... And don't be pacified into a false sense of security by VLANs they are ... Lock all non used switchports and enable a "sticky" MAC learning ... Look into Network Access Control, even if you don't want to ... (Security-Basics) Re: A new concept for security management? ... Creating a LAN is no problem. ... What they'd still be missing is active security. ... >bare-bones LAN for the company and let an MSSP provide the security. ... Anti-Virus software with auto-updating. ... (Security-Basics)