Security Basics mailing list archives

Re: Laptop Endpoint Security


From: admin () infosec-canada com
Date: Wed, 27 May 2009 12:49:46 -0600

John,

Several factors would impact your risk assessment. First, depending on how the server was configured and hardened and 
what firewall rules are enabled, it would be highly unlikely unless the application is prone to a security 
vulnerability in the application itself or in the platform running it, e.g. MS Windows IIS Server.  Highly unlikely, but 
having AD authentication occur in the DMZ is unlikely; I don't know the application in question.

Alternative solutions mentioned would not assist you in ensuring the Internet Content policies are enforced using their 
applications because of the nature of the app.  NAC would be for internal systems getting access to your internal 
network or via a VPN connection, which would confirm you meet certain criteria like OS patches, valid AV DAT file, etc.  
Another Content Filtering would potentially be a management nightmare and not up to date since it's an Open Source app 
vs. Websense's current URL database of sites/categories they enforce.

Feasibility of being hacked is there, but I caution you to think about what firewall ACLs are enforced to protect your 
corporate environment.  If proper firewall rules limit the communications from the client on the Internet to the server 
in the DMZ and the DMZ server to the internal server within your company, I highly doubt the system in the DMZ would be 
a launching point to your internal network.  If your FW rules are lacking, then that's another story...  Open 
ports to NetBIOS and other ports etc. from MS is a HUGE NO NO if exposing such a system to the Internet.  There are 
tools from MS to lock down a server and other VA tools to ensure no open ports exist.

Best Practices:  Layered security; minimize ports to only those required for your client to the server in the DMZ and the 
server in the DMZ to the internal network.  

Best Regards,

Information Security Consulting
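An added check in the spirit of the reply above (my own example, not code from the poster): it audits a constructed zone-based firewall ruleset against the layered design the reply recommends, flagging NetBIOS/SMB or any-port exposure from the Internet, flows the design never needed, and ports beyond the required set. The zone names, the internal app port 8443 and every rule are assumptions.

```python
# Added example, not from the original post: zone names, the app port 8443 and all rules are constructed.
from dataclasses import dataclass

# NetBIOS/SMB ports the reply says must never be exposed to the Internet.
NETBIOS_SMB_PORTS = {137, 138, 139, 445}

# The only flows the design needs: Internet -> DMZ web tier on 443, and the
# DMZ server -> internal app server on 8443.  Everything else is out of scope.
REQUIRED_FLOWS = {
    ("internet", "dmz"): {443},
    ("dmz", "internal"): {8443},
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: "int | None"   # None means "any port"
    action: str           # "allow" or "deny"

def audit(rules):
    """Return one finding per allow rule that violates the layered design."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue                      # deny rules never widen exposure
        if r.src_zone == "internet" and (r.dport is None or r.dport in NETBIOS_SMB_PORTS):
            findings.append(f"NetBIOS/SMB or any-port exposure from the Internet: {r}")
            continue
        allowed = REQUIRED_FLOWS.get((r.src_zone, r.dst_zone))
        if allowed is None:
            findings.append(f"flow {r.src_zone}->{r.dst_zone} is not part of the design: {r}")
        elif r.dport is None or r.dport not in allowed:
            findings.append(f"port {r.dport} exceeds the required set {sorted(allowed)}: {r}")
    return findings

GOOD_RULES = [
    Rule("internet", "dmz", "tcp", 443, "allow"),
    Rule("dmz", "internal", "tcp", 8443, "allow"),
    Rule("any", "any", "any", None, "deny"),            # default deny
]
BAD_RULES = GOOD_RULES + [
    Rule("internet", "dmz", "tcp", 445, "allow"),       # SMB from the Internet
    Rule("dmz", "internal", "tcp", 139, "allow"),       # NetBIOS into the LAN
    Rule("internet", "internal", "tcp", 3389, "allow"), # bypasses the DMZ entirely
]
```

Running `audit(BAD_RULES)` yields three findings, one per offending allow rule; `audit(GOOD_RULES)` yields none.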
