Educause Security Discussion mailing list archives

Re: When is a firewall not a firewall?


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 5 Sep 2003 16:32:09 -0400

Hahn, Jacob wrote:

> IP Security policies that are built in to the local and group policies may
> provide what you are looking for.
> The real beauty of the group policy based IP Security policies is that they can
> be centrally managed via Active Directory.

I'm experimenting with them now and they leave a period of vulnerability
during boot too. Several seconds just before the logon prompt, a specifically
blocked port (135) was reported open by nmap.

This was done using local policy (i.e. ipsecpol -w REG)

I doubt group policy would be any different.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
