Re: Hijack well-known ports

From: Bluto (arf-arf_at_doubleclick.net)
Date: 04/03/04


Date: Sat, 03 Apr 2004 07:49:39 -0500

Duane Arnold wrote:

> I am not going to get involved with this, that, and the other with you on
> this. It's not my job to provide security solutions for the company. That's
> someone else's responsibility
<SNIP>

  . . . sorta what I figured.

> There have been no companies that I have worked for as an employee or
> consulted with that installed personal FW(s) on desktop machines in a secure
> LAN situation. And I have been in a number of large companies in the last

I wasn't challenging the "as it's done" bit of your post.

> As I explained earlier, they do have host based FW(s) installed on tele
> commuter workstations and for those who are on the road with their laptops.
> The company also provides a router solution if requested, if it can be
> justified. All of the machines have an AV solution installed.
>
> Is anyone going to show up at someone's desk requesting that they do a scan
> of someone's machine before they connect to the LAN again with the 100(s) of
> employees that have this ability, forget about it.

Actually, it's becoming routine at many colleges.

This past fall, and again after Xmas break, multiple college networks
were taken down by the huge volume of outgoing scans and attacks
emanating from returning laptops that had become infected over the
holidays.

Companies tend to conceal such breaches, as I noted before, but
I'm confident that the same pattern exists.

> Most companies are not going to run around installing PFW solutions on
> desktop machines in a secure LAN situation. It may not be what is the
> prudent choice, but that is what is happening in most companies, like it or
> not.

Again, I wasn't questioning the area where you seem to have some
knowledge: "how things are done". I was questioning the area where
you seemed not so knowledgeable, with respect to "what is the
prudent choice".

It sounds like we may not disagree, when we stick to areas where
we have actual knowledge!

> If you have a problem with that, then take it up with those who may be
> receptive to your view point.:)

No, that's why I have firewalls, and take steps to protect myself,
when I order online personally. But, I am afraid that we are going
to see some 'hard times', with the Internet, as businesses jump
on without adequate protection, get badly burnt, and then withdraw
into their shells, feeling that adequate protection is impossible.

You may not have noticed the rather low-profile stories about
accounting firms, who've used some of MS's collaborative features,
to work on client accounts, being blackmailed by eastern European
hackers who've popped their networks. But, you can be pretty
sure that the guys who've paid off the blackmailers won't be
going back on the Internet for a LONG time!

A similar pattern is already visible, with respect to email
being used less, due to a deluge of spam. And, yet, relatively
simple low cost steps could stop most spam. Due to a newsletter
I've published, over 10,000 people have had my primary email
address for over 4 years, and yet I STILL receive virtually
no spam on that address!

I agree that it's quite possible to get carried away by
security. However, I think the real problem is that few
in corporate networking really understand network security,
and consequently, don't opt for some of the relatively
simple, yet effective steps that they can take.


