Security Basics mailing list archives
RE: Need help from a group of experts. I am not a network expert but I play one on tv.
From: LordInfidel <LordInfidel () Directionweb com>
Date: Thu, 11 Sep 2003 14:30:14 -0400
Randy,

If I had half a penny for every port scan and "bot" initiated attack, I'd be a rich admin.

With that said, and my point for saying it is, that it's almost pointless to try to track these people down, since most of it is coming from owned machines.

The single most important thing when it comes to firewalls and security is a good ruleset. As long as you make sure that you are only allowing in what you really want, and out what you really want, that is half the battle.

Restricting POP3 e-mail on your network is a step in the right direction. That's not to say there is not a place for it on your network. You could enable it, but only allow tcp/110 connections to your POP3 server. Same for outbound smtp (tcp/25) connections. Limit the ability of what they can connect to.

The next important piece is AV software at the desktop, configured so that not only does it scan e-mail and system files, but *all* downloaded attachments and files, both from e-mail and the net. I say *all* because a lot of AV scanners have default files to scan. You want to scan everything though.

*-Reverse Hacking, while tempting, is itself hacking. Like I said before, most attacks are coming from owned machines. So by reverse hacking those machines you have just violated an innocent person's machine, and can now be prosecuted.

*-Penetration testing- Yes, there are numerous such programs. Most of us have several of these tools available. They range from simple port scanners like fscan, to nmap, which has numerous scanning uses, to vuln scanners like N-Stealth, ISS security scanner and CyberCop.

Always run these from outside of your network so that you get an accurate reading.

LordInfidel

-----Original Message-----
From: Randy Opper [mailto:ropper () firstsecurityonline com]
Sent: Wednesday, September 10, 2003 8:36 PM
To: security-basics () securityfocus com
Subject: Need help from a group of experts. I am not a network expert but I play one on tv.

I am an owner of a small business with less than 25 staff members. We do not have the budget to afford a tech person on staff. I am a power user that has taken over the task of trying to secure our T1 and I am unclear of how to handle a few issues.

1. Each day my Sonicwall firewall is hit by at least 3 Sub Seven attacks. The firewall does say that they are blocked. I have converted my users to all use webmail with no attachment download to prevent pop3 mail virus issues.

? How do you track down these attackers when the ip address will not resolve and when I trace them they just don't list. I get the ip from the firewall log and try to trace route to no avail.

? Does the webmail stop all issues of mail attacks?

? Does a program exist that would reverse hack or fight back against these attacks daily?

? Does a program exist that could test my network on the internet to see if the firewall is good enough, or will someone tell me how I can try to trash it to test it.

Randy Opper
First Security
Almost A Network Admin

P.S. I also run Zone Alarm Pro at home. Does it work?
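
The ruleset advice in the reply above ("only allow tcp/110 connections to your POP3 server", the same for tcp/25, and deny what you did not ask for), as an added illustration that is not part of either poster's message and is not SonicWall configuration. It is a small first-match, default-deny evaluator run over constructed flows; the addresses, the rule layout and the allowed web ports are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    dport: Optional[int]   # destination TCP port, None = any port

# Constructed addresses (RFC 1918 / RFC 5737), not taken from the thread.
LAN = "192.168.1.0/24"
MAIL = "198.51.100.25/32"  # assumed: the one POP3/SMTP server users need
ANY = "0.0.0.0/0"

LOOSE = [Rule("allow", LAN, ANY, None)]   # common "anything outbound" default
TIGHT = [
    Rule("allow", LAN, MAIL, 110),        # POP3 only to the mail server
    Rule("allow", LAN, MAIL, 25),         # SMTP only to the mail server
    Rule("allow", LAN, ANY, 80),          # assumed: web browsing is wanted
    Rule("allow", LAN, ANY, 443),
]

def decide(rules, src, dst, dport):
    """First matching rule wins; traffic that matches nothing is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

# Constructed sample flows: (label, source, destination, destination port).
FLOWS = [
    ("POP3 to the mail server",     "192.168.1.23", "198.51.100.25", 110),
    ("POP3 to another host",        "192.168.1.23", "203.0.113.77",  110),
    ("direct SMTP from a desktop",  "192.168.1.23", "203.0.113.77",  25),
    ("inbound probe on tcp/27374",  "203.0.113.9",  "192.168.1.23",  27374),
]

def compare():
    """Map each flow label to its (loose, tight) verdict."""
    return {label: (decide(LOOSE, s, d, p), decide(TIGHT, s, d, p))
            for label, s, d, p in FLOWS}

if __name__ == "__main__":
    for label, (loose, tight) in compare().items():
        print(f"{label:30} loose={loose:5} tight={tight}")
```

Both rulesets drop the inbound probe (tcp/27374 is SubSeven's default port); only the tight one also stops a desktop from speaking POP3 or SMTP to arbitrary hosts.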