Re: The worm author finally revealed!

[Ron DuFresne <dufresne () winternet com>]

On 31 Jan 2003, Paul Schmehl wrote:

> On Fri, 2003-01-31 at 14:07, Ron DuFresne wrote:
> > if deployed on all commisioned servers, then yer protected at host
> > level...
> Ever priced a firewall for Windows?  Oh, I set up ipchains, iptables,
> ipfw or whatever on the *nix boxes I maintain, but what do you do for
> Windows?  AFAIK there are no free firewalls for Windows servers, and the
> ones that I've looked at ain't cheap.

Windows can be protected by any firewall, pix, ipf, ip, iptables, fw-1,
and running on fairly cheap hardware.  And there are a number of free and
cheap personal firewall products out there, of varying degrees of ease of
use and effectiveness.  W2k boasts firewalling with the OS


> > again, in most cases, depending upon the HW/SW choices made, two boxes and
> > the proper number of interfaces.
> Depending upon the volume of traffic too.


Yes, the heavier the load<s> the costlier the HW at least to privide the
perimiter defenses, but, there are pretty high bandwidth capable firewall
choices available.

> > > It gets expensive in a hurry.  Now do you still need to wonder why some
> > > networks have no firewall and no DMZ?
> >
> > The real expense is in maint of the equipment, and testing/auditing
> > periodically...
> ...but who's picking nits?  I was just trying to add some reality to the
> utopia that some people seem to live in.
> > But, what does interest me here, is that if utdallas has no real security
> > policy, and no perimiter defences, what does the Adjunct Information
> > Security Officer really do?  Tis a real question and not meant as a slam.
> I guess you haven't caught on yet.  I'm not telling you what UTD is
> doing.  I'm telling you what is the "norm" or "average" for edu.  Trust
> me, we have a security policy in place and published (but I want more -
> more policies and more specifics), and we have permimeter defenses in
> place, and we have monitoring in place, and we force good passwords,
> etc., etc.
>
> What do I do?  Well I'm responsible for many things, but in the
> categories you seem interested in; I handle all antivirus protection for
> the campus (have for years) and I'm responsible for IDS on campus.
> Others handle the switching, routing and firewalls, but I have
> (respected) input on what gets blocked.  I do the investigations when
> there's a breakin, and I get to generate all the reams of paper for the
> reports we have to file.  At least, that's the part I think *you* wanted
> to hear.

I'm not trying to insult you here, I'm merely trying to understand why
utdallas would pay for security folks if they don't have a decent policy
and the power to enforce it, especially in light of the fact that IT and
security always have been and most likely will continue to be underfunded,
perhaps especially in the .edu environments.  I work in an environment
that deals with a large number of .edu systems, in the k-12 realm as well
as the university level, and I've yet to run into the smallest rural grade
school that is not at least running a pix doing NAT or PAT.  How
effectively is another question all together.


Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html