Firewall Wizards mailing list archives
RE: terminal services
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 28 Jan 2003 21:30:48 -0500
R. DuFresne wrote:
> Which seems to make a strong casepoint for the hardening of exposed hosts and the continued need for well-defined security perimeters at this point in time still <security basics 101?>.
It's pretty much security 101 as you say. I think the most frequent recommendation I've written in consulting reports reads something like this:

"Establish a list of Internet-accessible perimeter systems. On those systems, establish a list of Internet-accessible applications based on the boundary firewall's 'permit' rules. For each of those applications, maintain a list of the software packages that provide the service, and the revision level of each package. Assign someone to perform a periodic check on each package by revision level, to install security updates as necessary. Ideally, this process should be as automated and proactive as possible."

"Geeze! That's a ton of work!" is the usual response. Yeah, well, it is. But it's easy to fix: minimize services, minimize software release dispersion (common release) and minimize administrators. Oddly you'll find that security almost always improves as a result.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
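
The periodic check recommended in the message above, sketched as an added example (not part of the original post and not the author's tooling). The host names, package names, revisions and data layout are constructed for illustration; in practice the rules would come from the boundary firewall's configuration and the inventory from the hosts' package managers.

```python
from collections import defaultdict

# Constructed sample data: hosts, packages and revisions are illustrative only.
PERMIT_RULES = [  # boundary firewall 'permit' rules: (host, protocol, port)
    ("www1", "tcp", 443), ("www2", "tcp", 443),
    ("mail1", "tcp", 25), ("ts1", "tcp", 3389),
]
INVENTORY = {  # permitted service -> packages providing it, with revision
    ("www1", "tcp", 443): [("webd", "2.4.1"), ("tlslib", "1.0.3")],
    ("www2", "tcp", 443): [("webd", "2.3.9"), ("tlslib", "1.0.3")],
    ("mail1", "tcp", 25): [("smtpd", "8.12.7")],
}
# Lowest revision of each package that carries all current security updates.
MIN_PATCHED = {"webd": "2.4.0", "tlslib": "1.0.3", "smtpd": "8.12.7"}


def rev(text):
    """Turn '2.3.9' into (2, 3, 9) so revisions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit(rules, inventory, min_patched):
    """Check every permitted service against the package inventory."""
    report = {"uninventoried": [], "outdated": [], "no_baseline": []}
    revisions = defaultdict(set)
    for service in rules:
        packages = inventory.get(service)
        if not packages:  # exposed by the firewall, but nobody tracks it
            report["uninventoried"].append(service)
            continue
        for name, installed in packages:
            revisions[name].add(installed)
            floor = min_patched.get(name)
            if floor is None:
                report["no_baseline"].append((*service, name))
            elif rev(installed) < rev(floor):
                report["outdated"].append((*service, name, installed, floor))
    # Release dispersion: the same package running at more than one revision.
    report["dispersion"] = {name: sorted(found, key=rev)
                            for name, found in revisions.items() if len(found) > 1}
    return report


if __name__ == "__main__":
    for finding, items in audit(PERMIT_RULES, INVENTORY, MIN_PATCHED).items():
        print(finding, items)
```

On the sample data this flags the terminal-services rule as exposed but uninventoried, one web server below the patched revision, and the web package running at two different revisions across hosts.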