Snort mailing list archives
RE: Still Help Needed: i want to make a firewall
From: Robert Reid <rreid () 1800FLOWERS com>
Date: Thu, 17 Apr 2003 10:52:32 -0400
I've been running public NT boxes for years and have never had one compromised. I run everything from firewalls (FW1 and ISA) to Web servers (IIS 5.0, 6.0), FTP servers, Terminal servers, etc. I have a hand in literally hundreds of publicly exposed NT/2000/.NET machines, all watched over by Snort and various other intrusion detection methods.

Windows can be made VERY secure. I have had boxes audited by some of the best security people in the business, and come up completely clean. The point I'm trying to make is, if you are a professional who works with Windows and you know your stuff, servers and workstations can be built to be almost bulletproof and easily as secure as a comparable *NIX. If you take the time to understand Windows security, you will learn it's flexible, fairly easy to configure, and with tech like AD, GPOs, and security templates, security configurations can be easily duplicated to large numbers of boxes at a time.

I firmly believe that most times a machine is compromised, it's the Admin that's getting hacked, not the OS.

Cheers

-----Original Message-----
From: Rich Adamson [mailto:radamson () routers com]
Sent: Thursday, April 17, 2003 9:26 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Still Help Needed: i want to make a firewall

Agreed wholeheartedly. Although properly securing a Windows box is just as complex a problem as properly securing a Unix server, it's not impossible.

The only degree to which it is worse is the absolutely horrid history of exploits to IIS (not that Apache is any better). I certainly would question the wisdom of running Snort on an NT box that sits outside your firewall and runs IIS on the external interface. But I'd also question the wisdom of doing the same thing with a Linux box running Apache, bind, ssh, or sendmail on the external interface.

We've worked with corporations in 40+ states as independent network performance and security consultants. In the past 18 months or so, we've seen many small to medium size companies discontinue their Linux/BSD systems (replaced with Win2k boxes) due to staff training and internal support costs; had nothing to do with capabilities, performance or security. (Personally don't care, we run NT, Win2k, multiple Linux versions, Sun, etc.)

Several of these clients have NT and Win2k servers directly on Internet segments, and after multiple years of exposure, have not been compromised as yet. On the flip side, one client's hardened BSD box (with current patches) was compromised and a root kit installed.

Regardless of OS, security is still an issue of understanding/knowledge/experience and applying it to whatever system that's in use. Any missed steps in the process can obviously create a problem.

An interesting exercise for those that would like empirical data: count the number of security alerts by OS in any reasonably complete database. Every OS needs about the same level of attention.

Rich

-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users