Re: Fwd: what should I do when....

[Adriel Desautels <adriel () netragard com>]

Eric,
	Yes, and that is a part of the point that I was trying to make to the 
people on this list. That is also a part of the reason why my opinion 
about firewalls is what it is. Nice post man!

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Eric Starace wrote:
> First, blocking all traffic in and out would really defeat the purpose
> of having the host/server/workstation/whatever on a network.  Save
> yourself some money and remove your firewall, routers and ISP service
> if that is what you are currently doing.
>
> Second, when thinking security you would be a fool if you were just
> thinking about overt malicious threats from outside of the network.
> You must layer security and never rely on a single solution.  You'll
> get bitten and not realize it until your way over your head.
>
>
> On 7/10/08, Sergio Castro <sergio.castro () unicin net> wrote:
> > Let me try to understand what you are saying. If you block ALL traffic,
> > inbound and outbound, with a firewall, how then, would a hacker get into the
> > system?
> >
> > -----Mensaje original-----
> > De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En
> > nombre de Adriel Desautels
> > Enviado el: Miércoles, 09 de Julio de 2008 10:00 a.m.
> > Para: Ansgar -59cobalt- Wiechers
> > CC: security-basics () securityfocus com
> > Asunto: Re: what should I do when....
> >
> > Ansgar,
> >        You can not bullet proof a computer system by using a firewall even
> > if you block all traffic to and from that system. In most configurations
> > firewalls block inbound connection attempts to *internal* systems, while
> > they permit outbound attempts from those systems.
> >
> >        It is my opinion that firewalls are not security devices as much as
> > they are traffic shaping devices. Their job is to control network
> > connections and the flow of traffic, not to ensure that something can't be
> > hacked.
> >
> > Regards,
> >        Adriel T. Desautels
> >        Chief Technology Officer
> >        Netragard, LLC.
> >        Office : 617-934-0269
> >        Mobile : 617-633-3821
> >        http://www.linkedin.com/pub/1/118/a45
> >
> >        Join the Netragard, LLC. Linked In Group:
> >        http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you
> > must know  : http://tinyurl.com/26pjsn
> >
> >
> > Ansgar -59cobalt- Wiechers wrote:
> > > On 2008-07-08 Weir, Jason wrote:
> > > > Quote of the day....
> > > >
> > > > "Bullet-proofing your systems is as easy as using a firewall"
> > > >
> > > > If it was only true....
> > > It is quite true, you're just underestimating the task of maintaining
> > > a firewall.
> > >
> > > Regards
> > > Ansgar Wiechers
> >
> >
> > __________ NOD32 3257 (20080710) Information __________
> >
> > This message was checked by NOD32 antivirus system.
> > http://www.eset.com