Firewall Wizards mailing list archives
Re: Outsourcing firewalls & InfoSec Ops - Part I/II
From: chuck yerkes <Chuck () yerkes com>
Date: Tue, 16 Dec 1997 10:44:06 -0500 (EST)
With ISP's (that I would work with) who will host machines (or give me full access to one of theirs), in my experience these machines are on a separate segments and usually on a switch - so sniffing from "my" machine becomes somewhat useless. But then, I bring this sort of security mind set with me when I deal with these folks. When UNNAMED VENDOR had problems with me putting up an SSH daemon on their machine (they run the OS, the client fills the web data/cgi scripts), it sort of stopped negotiations. Would that all their clients thought the same.... It is claimed, but unverified, that Paul D. Robertson wrote:
On Tue, 9 Dec 1997, Frank Willoughby wrote:Further, one huge, nationwide ISP who remotely manages firewalls disclosed the customer's firewall configuration & rules to me over the phone - just because I said I was a security consultant and had the company's permission to obtain this info. This vendor also managed the firewall by TELNETing into the firewall over the Internet - in cleartext. Anyone on the Internet along the path from the ISP to the customer could have sniffed the connection to find out the password and reconfigure the firewall.It is important to note in this context that even though the service provider is likely the customer's provider, most ISPs do *not* staticly route their networks. It's also important to note that one of the benifits of working for a service provider these days tends to be the ability to place a machine of one's own on their internal network. I think everyone can draw their own conclusions.
Current thread:
- Re: Outsourcing Firewalls/Internet Security count, (continued)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count David HM Spector (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Adam Shostack (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Rick Low (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Larry J. Hughes Jr. (Dec 08)
- Outsourcing firewalls & InfoSec Ops - Part I/II Frank Willoughby (Dec 09)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 15)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II chuck yerkes (Dec 16)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 17)
- Re: Outsourcing Firewalls/Internet Security count Ted Doty (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 08)