Re: Security Questions
From: RCC (rcc76@hotmail.com)
Date: 09/02/02
- Next message: RCC: "Re: TCP/IP Filtering"
- Previous message: RCC: "Re: Security Questions"
- In reply to: NeoSadist: "Re: Security Questions"
- Next in thread: Jeff Cochran: "Re: Security Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "RCC" <rcc76@hotmail.com> Date: Tue, 3 Sep 2002 07:53:11 +1200
Reply is inline.
"NeoSadist" <Ne0$@d1$t> wrote in message
news:un6un2406ruped@corp.supernews.com...
>
> "Evan Camilleri" <evan.nospam@holistic.com.mt> wrote in message
> news:urWwJ1kUCHA.2716@tkmsftngp12...
> > My network uses NAT. What are my security loopholes? How can I check
if
> > there is a possible attack? Can I know who is accessing my system, and
> what
> > is being accessed?
> > How can I disable access to my network for an ip or range of ip?
> >
> > Evan
> >
> >
>
>
> NAT is only address translation. I think it blocks nearly all trojans
from
> contacting their home, but I'm not so sure.
HA. Has nothing to do with trojans. Actually it doesn't, NAT by default
allows all conections innitiated from inside (trojans for example).
> I'd strengthen the security of
> the computers themselves. Also, try getting a router or gateway with more
> than just NAT.
I assume you're reffering to packet filering, right? With proper
INGRESS/EGRESS filtering, along with other rules specific to one's
requirement, this could offer some protection agains well known network
based attacks. However, check nmap to see how easy the packet filters can be
bypassed for a port scan for example.
> If you want to know if someone is accessing your system,
> turn auditing on (win2k), and watch your internet traffic logs for inbound
> and outbound traffic. If you see a lot of incoming traffic from the same
IP
> or similar IP class, it could be an attack.
> If you want to disable access to your network from an ip or ip class, you
> need to specify this in the router, or get software firewalls for your
> computers and do it that way (norton personal firewall, corporate
edition).
Not quite. Unless port mapping nat is used to publish a service/port,
incoming connection requests are discarded by default (translation from
public to private range, or NAT table, will not forwards incoming)
> Are you a home user or a business admin? If only a home user, just make
the
> computers stand-alone boxes by telling win2k (or whatever you use) to not
> allow access from the network. If a business admin, I'd say ask Symantec
> (if you have the money), or just hang out at hacker newsgroups (but don't
> post) and listen to see if new hacks or exploits come about. Check other
> security sites often. There's this place called SANS.org (I think) that
you
> can register with and read up on security. The more you know, the better.
Good advice.
Anyway, depending on the network size, a gateway firewall could be a better
solution instead of configuring individual software firewalls on each
host...
check
http://www.google.com/search?num=20&hl=en&lr=&ie=UTF-8&safe=off&q=Network+ad
dress+translation+vulnerable&spell=1 (address could wrap)
Regards,
RCC
- Next message: RCC: "Re: TCP/IP Filtering"
- Previous message: RCC: "Re: Security Questions"
- In reply to: NeoSadist: "Re: Security Questions"
- Next in thread: Jeff Cochran: "Re: Security Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
