Re: Network Segregation to prevent spread of malware

[DaKahuna <da.kahuna () gmail com>]

 However, with all that being said, IMHO segmenting servers and
workstation into different physical network segments is a security
best practice and should be done.
Also having different logical groups, e.g. engineering, sales,
finance, etc., in different logical or physical segments is a good
thing as well.

 As Rob mentioned this does not prevent the spread of malware but it
does help slow things down and adds some layer of difficulty, which
most often requires manual processes to overcome.  Being harder to
hack than someone else is a good thing.



On 1/23/13, Rob <synja () synfulvisions com> wrote:
> Additionally, the services commonly used for worm propagation (RDP/TS, RPC,
> etc) are also used heavily for domain operations anyway.
>
> For many environments this would be one step forward, two steps back in
> terms of security.
>
> Rob
> Sent on the Sprint® Now Network from my BlackBerry®
>
> -----Original Message-----
> From: Jerry Bell <jerry () riskologist com>
> Sender: listbounce () securityfocus com
> Date: Wed, 23 Jan 2013 07:07:25
> To: tomright006 () gmail com<tomright006 () gmail com>
> Cc: security-basics () securityfocus com<security-basics () securityfocus com>
> Subject: Re: Network Segregation to prevent spread of malware
>
> Hi Tom,
>
> The answer is 'it depends', but probably no. If you are talking about a
> classic company network and dividing workstations into separate networks to
> prevent cross contamination, you have to consider the pivot points for most
> malware - email, file shares, etc, which can still allow malware to
> propagate between networks even if no traffic is allowed directly between
> them. Some kinds of malware, notably worms who propagate directly from one
> system to another via some kind of remotely exploitable vulnerability, would
> be contained by network segmentation, however those sorts of events are
> becoming increasingly rare (however when they do happen, they tend to be big
> events).
>
> Jerry
>
> Sent from my iPhone
>
> On Jan 22, 2013, at 5:33 PM, tomright006 () gmail com wrote:
>
> > Hello All,
> >
> > I need few tips on Network Segregation to prevent spread of Malware. Can I
> > avoid Malware spreading from one network segment to another just by
> > segregating network with access list or firewalls?
> >
> >
> > Thanks,
> >
> > Tom
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and
> > how your customers can tell if a site is secure. You will find out how to
> > test, purchase, install and use a thawte Digital Certificate on your
> > Apache web server. Throughout, best practices for set-up are highlighted
> > to help you ensure efficient ongoing management of your encryption keys
> > and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


-- 
DaKahuna
-----------------------------------
Twitter:@ DaKahuna2007

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------