Security Basics mailing list archives

RE: Need help from a group of experts. I am not a network expert but I play one on tv.


From: "Roger A. Grimes" <rogerg () cox net>
Date: Thu, 11 Sep 2003 15:05:48 -0400

Randy,

1.  Don't worry about the SubSeven attacks.  They are random, occur
everywhere, and are not successful.  You'll spend much more effort trying to
discover who is scanning than it is worth.  In many cases, if you were to
expend the effort and track down the computer, it would lead to an innocent
person's computer that is compromised.  Believe me, not worth the time.

2.  No, preventing file attachments alone won't stop all email attacks.  It
is easy to embed malicious HTML code (scripts, links, etc.) into an email.
To prevent email attacks, block file attacks and make sure all email is
plain text only (disable all active content and HTML coding).

3.  Yes and no.  Some programs exist that would track the hacker back...but
again, many times the hacker has just compromised some other person's
computer and is using that computer to do the hacking.  Unless that computer
has tracking software enabled or you have a search warrant and lots of free
time to do research and pore over router logs, you aren't going to find out
the culprit.  It is not legal to hack back the hacker.

4.  Sonicwall is a good firewall...but any firewall depends on how well you
have it configured.  And a firewall is only one step in your computer
defense plan.  You must also:
1.  Keep patches up to date.
2.  Use AV software.
3.  Make sure OS has tightened security permissions.
4.  Secure email.
5.  Educate your employees and keep them off bad sites and from opening bad
emails.

There are several free vulnerability analyzers that will test your firewall
defenses, including the popular (but not very extensive) testing of Gibson's
Shields Up test site (www.grc.com).

Roger

***************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode/
*Author of Apress's upcoming Honeypots for Windows
***************************************************************************

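As an added example for Randy's first question (this is not code from Roger's or Randy's posts): a small Python triage script that runs over constructed, generic blocked-connection log lines (the field layout is an assumption, not SonicWALL's real log format) and separates single-port SubSeven probes, which Roger's answer says to ignore, from a source that sweeps several ports and may deserve a look.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic "blocked connection" style.
# They are NOT real SonicWALL output; the field layout is an assumption.
SAMPLE_LOG = """\
2003-09-10 02:14:05 BLOCK TCP 203.0.113.5:4321 -> 198.51.100.2:27374
2003-09-10 09:40:12 BLOCK TCP 203.0.113.77:1055 -> 198.51.100.2:27374
2003-09-10 18:03:55 BLOCK TCP 198.18.0.9:3030 -> 198.51.100.2:27374
2003-09-11 00:10:01 BLOCK TCP 192.0.2.44:2000 -> 198.51.100.2:27374
2003-09-11 00:10:02 BLOCK TCP 192.0.2.44:2001 -> 198.51.100.2:22
2003-09-11 00:10:03 BLOCK TCP 192.0.2.44:2002 -> 198.51.100.2:80
2003-09-11 00:10:04 BLOCK TCP 192.0.2.44:2003 -> 198.51.100.2:25
2003-09-11 00:10:05 BLOCK TCP 192.0.2.44:2004 -> 198.51.100.2:139
2003-09-11 06:22:41 BLOCK TCP 192.0.2.44:2100 -> 198.51.100.2:27374
2003-09-11 13:48:17 BLOCK TCP 203.0.113.5:5000 -> 198.51.100.2:27374
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) BLOCK (?P<proto>\S+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

SUBSEVEN_PORT = 27374  # SubSeven's well-known default listening port

def parse_blocked(log_text):
    """Per-source summary: number of blocked hits, destination ports seen, days seen."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "days": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a blocked-connection record; skip it
        s = stats[m["src"]]
        s["hits"] += 1
        s["ports"].add(int(m["dport"]))
        s["days"].add(m["date"])
    return dict(stats)

def triage(stats, min_ports=3, min_hits=20):
    """Classify each source.  A source probing only the SubSeven port is the daily
    background noise Roger describes; a source sweeping several ports (or hammering
    the firewall) is the one worth a second look, without any trace-back attempt."""
    verdicts = {}
    for src, s in stats.items():
        if len(s["ports"]) >= min_ports or s["hits"] >= min_hits:
            verdicts[src] = "multi-port sweep - review"
        elif s["ports"] == {SUBSEVEN_PORT}:
            verdicts[src] = "subseven probe - ignore"
        else:
            verdicts[src] = "single-port noise - ignore"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(triage(parse_blocked(SAMPLE_LOG)).items()):
        print(f"{src:16} {verdict}")
```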

-----Original Message-----
From: Randy Opper [mailto:ropper () firstsecurityonline com]
Sent: Wednesday, September 10, 2003 8:36 PM
To: security-basics () securityfocus com
Subject: Need help from a group of experts. I am not a network expert
but I play one on tv.


I am an owner of a small business with less than 25 staff members. We
do not have the budget to afford a tech person on staff. I am a power
user that has taken over the task of trying to secure our T1 and I am
unclear of how to handle a few issues.

1. Each day my Sonicwall firewall is hit by at least 3 Sub Seven
attacks. The firewall does say that they are blocked. I have converted
my users to all use webmail with no attachment download to prevent pop3
mail virus issues.
  - How do you track down these attackers when the ip address will not
resolve and when I trace them they just don't list. I get the ip from
the firewall log and try to trace route to no avail.

  - Does the webmail stop all issues of mail attacks?
  - Does a program exist that would reverse hack or fight back against
these attacks daily?
  - Does a program exist that could test my network on the internet to
see if the firewall is good enough or will someone tell me how I can
try to trash it to test it.

Randy Opper
First Security
Almost A Network Admin


P.S. I also run Zone Alarm Pro at home, Does it work?



---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

