Firewall Wizards mailing list archives
RE: Scanner and Firewall?
From: Henry Sieff <hsieff () orthodon com>
Date: Wed, 14 Jul 1999 09:29:35 -0500
-----Original Message-----
From: John Nanas [mailto:JohnN () review com]
Sent: Tuesday, July 13, 1999 10:15 AM
To: firewall-wizards () nfr net
Subject: Scanner and Firewall?

Hi all- Sorry for the simple question, but I'm still relatively new at this, and all the reading I could do didn't fully answer my question.
I'm pretty new too, but I can help with some issues; I assume others will correct any mistakes.
I'm designing a new network which my company will be co-locating offsite. I've spec'd out all the good stuff, including a FW-1 box to protect the network, but find myself facing this question - do I need scanning software in addition to the firewall? I know that FW-1 has pretty comprehensive software (much more than I've taught myself to use, thus far) with all the logging, but do I gain something by adding another scanner to the firewall box?
If, by scanner, you mean IDS, the best way to judge that is to evaluate the cost of attempted intrusions. I run an ids behind my firewall host to make sure that my policy is being applied properly. I do not run an ids outside my firewall, as I do not have the time to check every ping sweep or BO scan anyways; however, ideally I think that's a pretty good idea. If, by scanner, you mean some sort of vulnerability scan, then yes, I think periodic scanning of your hosts from both inside and outside your network borders can help a) identify what a potential intruder would see and b) determine whether you can detect these casual scans, which are often the first stage of an actual attempt. Again, you need to figure out first how much you are willing to spend (which usually means attaching a dollar amount to security, which has always been the hardest part of the job for me).
Also, does anyone know if there's a book that's accepted as the bible of network security (or Internet security)? I've seen a few texts, but some of what I've seen thus far are only applicable to Unix networks (which, I have the unfortunate position of being in an all NT shop) or are somewhat outdated..
Network security is network security; the only difference between OS's ultimately are the specific exploitable weaknesses (imo, perhaps others will disagree). And since those change, your best bet is to subscribe to an nt mailing list. I recommend ntbugtraq and ntsecurity (go to www.ntbugtraq.com). There are also a couple of good white papers on "hardening" an nt box (haha, I know, but it DOES help), one from Trusted Systems, which may help you. The biggest hassle with nt security, though, is the lack of "open" discussion; witness the paranoia that surrounds the disclosure of a new bug in the nt world. As I said though, I have found concepts from the Unix world to be very helpful in the nt world, the only difference for me being in the specific weaknesses to address. The white papers I referred to can be found at www.microsoft.com/security.

HTH
--
Henry Sieff
Netwerküberkommander
Orthodontic Centers of America
(504) 834-4392 ext.135
Thanks for any help,
John Nanas
Network Systems Engineer
The Princeton Review
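One way to put Henry's second point into practice (checking that the casual scans which precede a real attempt are actually noticed), as an added example that is not part of this thread or of any FW-1 tooling: a small detector run over constructed drop-log lines that flags ping sweeps, port sweeps of a single host, and probes of Back Orifice's default UDP port 31337. The log format, addresses and thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log ("timestamp src dst proto dport action", not FW-1's
# real format): an ICMP sweep, Back Orifice probes, a TCP port sweep, one accept.
SAMPLE_LOG = """\
1999-07-13T10:00:01 203.0.113.9 192.0.2.10 icmp 0 drop
1999-07-13T10:00:01 203.0.113.9 192.0.2.11 icmp 0 drop
1999-07-13T10:00:02 203.0.113.9 192.0.2.12 icmp 0 drop
1999-07-13T10:00:02 203.0.113.9 192.0.2.13 icmp 0 drop
1999-07-13T10:05:10 198.51.100.7 192.0.2.10 udp 31337 drop
1999-07-13T10:05:11 198.51.100.7 192.0.2.11 udp 31337 drop
1999-07-13T10:07:00 198.51.100.21 192.0.2.10 tcp 21 drop
1999-07-13T10:07:00 198.51.100.21 192.0.2.10 tcp 23 drop
1999-07-13T10:07:01 198.51.100.21 192.0.2.10 tcp 25 drop
1999-07-13T10:07:01 198.51.100.21 192.0.2.10 tcp 139 drop
1999-07-13T10:07:02 198.51.100.21 192.0.2.10 tcp 443 drop
1999-07-13T10:09:00 192.0.2.50 192.0.2.10 tcp 80 accept
"""
BO_PORT = 31337  # Back Orifice's default UDP listener port

def parse(log):
    for line in log.splitlines():
        _ts, src, dst, proto, dport, action = line.split()
        yield src, dst, proto, int(dport), action

def detect_scans(log, host_threshold=4, port_threshold=5):
    """Return {src: [findings]} for sources whose dropped traffic looks like a scan."""
    icmp_targets = defaultdict(set)  # src -> hosts pinged
    tcp_ports = defaultdict(set)     # (src, dst) -> TCP ports tried on dst
    bo_targets = defaultdict(set)    # src -> hosts probed on udp/31337
    for src, dst, proto, dport, action in parse(log):
        if action != "drop":
            continue  # only traffic the policy blocked is of interest here
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif proto == "tcp":
            tcp_ports[(src, dst)].add(dport)
        elif proto == "udp" and dport == BO_PORT:
            bo_targets[src].add(dst)
    findings = defaultdict(list)
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:
            findings[src].append(f"ping sweep of {len(hosts)} hosts")
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= port_threshold:
            findings[src].append(f"port sweep of {len(ports)} ports on {dst}")
    for src, hosts in bo_targets.items():
        findings[src].append(f"Back Orifice probe of {len(hosts)} hosts")
    return dict(findings)
```

Running the same detector over the logs of a sensor placed outside the firewall versus one behind it shows directly which probes the policy stopped and which ones got through.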