Educause Security Discussion mailing list archives
Re: host based firewall for windows 2003 server?
From: Karen Duncanson <duncans2 () OAKLAND EDU>
Date: Thu, 22 Jun 2006 13:29:11 -0400
I have noticed that many, many more attacks look like normal traffic. That is, the signatures for IDP do not see the packets attacking. One of the most popular and effective attacks is the DDoS and I have spotted those by looking at the source and destinations of the packets flying through my firewall.

After all of this time, I believe that one of the most effective ways to keep the network clean is to block everything that is not useful and (be generous) about letting people do what they need to do to be effective at their work or research. Much better to reduce the risk than to fight off the damage after the fact.

Naturally, not everything can be prevented. However, the time spent in react mode will be reduced if prevention (firewall) is carefully applied at all levels.

---- Original message ----
Date: Thu, 22 Jun 2006 11:32:07 -0500
From: Graham Toal <gtoal () UTPA EDU>
Subject: Re: [SECURITY] host based firewall for windows 2003 server?
To: SECURITY () LISTSERV EDUCAUSE EDU

What outgoing/incoming ports do other institutions block and why?

There are now so many "applications" engineered to bypass port filters (and/or tunnel over ports opened for other purposes) that this is really no longer an adequate basis for security. I think we have to start getting serious about proxies and deep inspection to verify that traffic really complies with policy, and not just with port number use.

You are of course 100% right and going down the expensive path of deep inspection is a loser's game. Eventually all evil traffic will look like an https POST or GET on port 443 and there'll be no way of telling it from legitimate traffic. Then the battle will have to move to the host rather than the network - or, as you say, via proxies, such as a network which is completely sealed off from the outside world with only an application relay proxy available for web, and no end to end privacy because the relay has to supply the certificate in order to read the traffic.

That'll be a sad day when it happens. (Which may be sooner than you think if the rumours about how Google will be implementing their free wireless service are true?)

Meanwhile, a traditional firewall lets us pick the low-hanging fruit...

G
Karen Duncanson, CISSP, CCNA
UTS/Network Security Analyst
www.oakland.edu/uts
248-370-2675