Full Disclosure mailing list archives
Re: Re: January 15 is Personal Firewall Day,help the cause
From: Valdis.Kletnieks () vt edu
Date: Sat, 17 Jan 2004 13:56:01 -0500
On Sat, 17 Jan 2004 10:20:56 PST, Jim Race <caferace () well com> said:
Since the ping-pong game is far past 21 points... How safe would you consider: A WinXP box with all current patches A properly configured HW firewall ICF enabled, web services ONLY enabled and all ICMP requests disabled Apache (latest) installed with no add'l modules (static pages only) NOT running Outlook or OE Mozilla with Java and JS disabled in email An "admin" who knows not to run attachments No add'l (hated) SW firewalls No AV stuff running, except when scanning known executables
What's your threat model? Does it have to be "safe" against just the random crap that is background noise on today's networks, or are there other considerations? What's your trade-off model? If it *does* get whacked, what are the consequences? Remember to *NOT* spend more time/money/effort on securing it than you would lose if it was in fact compromised. There's two main classes of attacks to worry about: the "random noise" of all the worms and viruses, and targeted attacks by opponents of varying skill and resources. The hardening you describe is probably quite sufficient to repel most of the "random noise", so it's the second category you need to worry about. If it's a personal machine, you're just using Apache to serve up photos of the barbeque to your friends, and the worst that happens is you have to reload your 'My Documents' folder off a CD-ROM backup, you're probably *very* safe. Just remember to not piss off a script kiddie on IRC. ;) If you're using the machine to access a corporate database, you probably want to do some more policy-level and ACL hardening on the inside - the biggest threat to your HR database is still an underpaid secretary in Accounts Receivable. If you're using the machine in a true life-or-death environment (medical monitoring, processing classified data, launch codes, etc), you're nowhere near hardened enough.
Attachment:
_bin
Description:
Current thread:
- Re: Re: January 15 is Personal Firewall Day, help the cause, (continued)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Tobias Weisserth (Jan 16)
- Re: Re: January 15 is Personal Firewall Day,help the cause Exibar (Jan 16)
- Re: Re: January 15 is Personal Firewall Day,help the cause Tobias Weisserth (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause jan . muenther (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Tobias Weisserth (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause brenda (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Ron DuFresne (Jan 20)
- Message not available
- Re: January 15 is Personal Firewall Day,help the cause Jim Race (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Valdis . Kletnieks (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Jim Race (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Jim Race (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Tobias Weisserth (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Jim Race (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause jan . muenther (Jan 17)
- Re: Re: January 15 is Personal Firewall Day,help the cause Valdis . Kletnieks (Jan 17)
- RE: Re: January 15 is Personal Firewall Day, help the cause Chris Harrington (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Valdis . Kletnieks (Jan 16)
- Re: Re: January 15 is Personal Firewall Day, help the cause Dani Wuck (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 15)