Security Basics mailing list archives
RE: Need help from a group of experts. I am not a network expert but I play one on tv.
From: "Roger A. Grimes" <rogerg () cox net>
Date: Thu, 11 Sep 2003 15:05:48 -0400
Randy,

1. Don't worry about the SubSeven attacks. They are random, occur everywhere, and are not successful. You'll spend much more effort trying to discover who is scanning than it is worth. In many cases, if you were to expend the effort and track down the computer, it would lead to an innocent person's computer that is compromised. Believe me, not worth the time.

2. No, preventing file attachments alone won't stop all email attacks. It is easy to embed malicious HTML code (scripts, links, etc.) into an email. To prevent email attacks, block file attacks and make sure all email is plain text only (disable all active content and HTML coding).

3. Yes and no. Some programs exist that would track the hacker back...but again, many times the hacker has just compromised some other person's computer and is using that computer to do the hacking. Unless that computer has tracking software enabled or you have a search warrant and lots of free time to do research and pore over router logs, you aren't going to find out the culprit. It is not legal to hack back the hacker.

4. Sonicwall is a good firewall...but any firewall depends on how well you have it configured. And a firewall is only one step in your computer defense plan. You must also:

   1. Keep patches up to date.
   2. Use AV software.
   3. Make sure OS has tightened security permissions.
   4. Secure email.
   5. Educate your employees and keep them off bad sites and from opening bad emails.

There are several free vulnerability analyzers that will test your firewall defenses, including the popular (but not very extensive) testing of Gibson's Shields Up test site (www.grc.com).

Roger

***************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode/
*Author of Apress's upcoming Honeypots for Windows
***************************************************************************

-----Original Message-----
From: Randy Opper [mailto:ropper () firstsecurityonline com]
Sent: Wednesday, September 10, 2003 8:36 PM
To: security-basics () securityfocus com
Subject: Need help from a group of experts. I am not a network expert but I play one on tv.

I am an owner of a small business with less than 25 staff members. We do not have the budget to afford a tech person on staff. I am a power user that has taken over the task of trying to secure our T1 and I am unclear of how to handle a few issues.

1. Each day my Sonicwall firewall is hit by at least 3 Sub Seven attacks. The firewall does say that they are blocked. I have converted my users to all use webmail with no attachment download to prevent pop3 mail virus issues.

- How do you track down these attackers when the ip address will not resolve and when I trace them they just don't list. I get the ip from the firewall log and try to trace route to no avail.
- Does the webmail stop all issues of mail attacks?
- Does a program exist that would reverse hack or fight back against these attacks daily?
- Does a program exist that could test my network on the internet to see if the firewall is good enough or will someone tell me how I can try to trash it to test it.

Randy Opper
First Security
Almost A Network Admin

P.S. I also run Zone Alarm Pro at home. Does it work?
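The plain-text-only mail handling recommended in point 2 of the reply can be enforced at a gateway or filter. The following is an added example, not part of the original posts: it reduces a message to a single text/plain body, dropping attachments and rendering HTML as visible text with scripts removed and link targets exposed. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class _TextOnly(HTMLParser):  # keeps visible text, drops <script>/<style> bodies
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag == "a" and dict(attrs).get("href"):
            # Show where a link really points instead of hiding it behind text.
            self.out.append(f"[link: {dict(attrs)['href']}] ")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def html_to_text(html):
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.out).split())

def to_plain_text(raw):
    """Return (plain-text-only EmailMessage, names/types of dropped parts)."""
    msg = message_from_string(raw, policy=policy.default)
    plain, html, dropped = [], [], []
    for part in (p for p in msg.walk() if not p.is_multipart()):
        ctype = part.get_content_type()
        if part.is_attachment() or ctype not in ("text/plain", "text/html"):
            dropped.append(part.get_filename() or ctype)  # attachments, other content
        else:
            (plain if ctype == "text/plain" else html).append(part.get_content())
    clean = EmailMessage()
    for name in ("From", "To", "Subject", "Date"):
        if msg[name]:
            clean[name] = str(msg[name])
    # Prefer the sender's own text/plain part; fall back to de-tagged HTML.
    clean.set_content("\n".join(plain) or " ".join(map(html_to_text, html)))
    return clean, dropped

def constructed_sample():  # constructed input: scripted HTML body plus an attachment
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content('<p>Hi<script>x()</script> <a href="http://example.test/x">open</a></p>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.exe")
    return m.as_string()
```
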
Current thread:
- Need help from a group of experts. I am not a network expert but I play one on tv. Randy Opper (Sep 11)
- RE: Need help from a group of experts. I am not a network expert but I play one on tv. David Gillett (Sep 11)
- RE: Need help from a group of experts. I am not a network expert but I play one on tv. Roger A. Grimes (Sep 11)
- <Possible follow-ups>
- Re: Need help from a group of experts. I am not a network expert but I play one on tv. Chris Berry (Sep 11)