Security Basics mailing list archives

Re: IPTables Based Firewall Testing - apps


From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Fri, 19 Dec 2003 12:45:23 -0800 (PST)


hi ya 

      
      "We have a "line of defense" that doesn't stop at the door."
Well so does any security professional worth their salt. You don't just
drop in a firewall and say you're secure.

and the problem is how to convince them that the fw is not the answer :-)

You install Anti-Virus, you
manage your patches and updates, and you fortify your network with IDS
sensors. You install syslog redirection and log monitoring.

yupp... 24x7x365 .. doesn't end at 5pm

if your IDS detects a problem ... it's too late .. game over ...
        - the cracker is inside ..

Run scans of
your network for security problems, check to see if people are sniffing
your network. You have layers of security, you know like an Onion, or
Cake, ohhhh everyone likes Parfaits.

chocolate parfait w/ a good bottle of wine please :-) 

      "... high percentage of real hacks and security violations
happen (or appear to happen?) from within an organization..."

80% of security problems are usually from "management" and "misguided admin"
that hasn't been thru the school of hard knocks yet
        and dhcp, wireless and laptops makes the problem 1000x more complex
        even though nobody does "real work" at home on their laptops
        "(in)secure home environment" and hotels and internet cafe

This is, from my
experience true but depends on what your company/org does. Having worked
for local banks and being outsourced to local government agencies and
high-tech firms the number of critical security breaches that occurred
from within far outweighed any virii or script kiddies. 

script kiddies are the best thing that happened !!!

-- they give you free security audits
-- the exploit codes they're using are known to work and are very good
   at testing your known easily targeted vulnerabilities
-- they are usually harmless 
        - defacing your website, running irc, sending out spam

        - malicious crackers would erase your "corporate data"
        and your backups too if you're silly enough to expose
        backups too

-- you learn real fast what your obvious security problems are ...

c ya
alvin
