Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: Bob Washburne <rcwash () concentric net>
Date: Thu, 02 Aug 2001 15:25:02 -0400
Perhaps, but restrictive firewall rules are still a Good Idea(tm). Security is not a binary value, yes or no, but a spectrum. The more secure you make the system, the fewer worms and script kiddies get through. In this case, Code Red would have been contained (and probably was on many well-maintained systems).

Are there still holes? Sure. There is no protection at this moment from tunneling. Also, a well-formed DDOS attack is indistinguishable from the "Slashdot Effect," so there is no defence from that one. But that doesn't mean that we just give up, go home and play with our Commodore 64s.

So I must agree that patching is not the only issue here. I cannot clean up the web, but I appreciate the helpful ideas to help protect my site.

Bob Washburne

Joseph Steinberg wrote:
Web servers should only respond to incoming web requests. Web servers do not need to establish connections to the Internet. So if a web server is behind a stateful firewall, and the firewall rules allow incoming web requests to the web server but deny outgoing connections from the web server to the Internet, then the Code Red worm can be contained.

Depends on the application and the location of the web server -- it may need to access content from the Internet... Also, what if your web server needs to send outbound email (confirmation messages, etc.)...

BTW: The generic Code Red worm may just deface and connect outward, but the same vulnerability could have been exploited to steal the information on the web server, or turn it into a host for a staged attack against other DMZ/internal machines. As the vulnerability is at the application level, a firewall will not likely mitigate against this.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
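As an added illustration (not code from the thread or from either participant), a toy Python model of the rule Steinberg quotes and the exception he raises: inbound web requests and their replies pass, a new connection the web server opens on its own is dropped, and an explicitly listed destination such as the site's mail relay is let through. All addresses and ports are constructed.

```python
# Toy model of the containment rule from the thread: a stateful firewall in
# front of a DMZ web server accepts inbound web requests, passes packets of
# tracked connections in both directions, and drops any new connection the
# web server opens itself unless it is on an explicit egress allow-list.
# All addresses are constructed examples, not real hosts.
WEB_SERVER = "192.0.2.10"   # constructed DMZ web server
MAIL_RELAY = "192.0.2.25"   # constructed internal mail relay (outbound-email caveat)


class StatefulFirewall:
    def __init__(self, egress_allow):
        self.egress_allow = set(egress_allow)  # (dst, dport) the server may open
        self.flows = set()                     # (src, sport, dst, dport) tracked

    def accept(self, src, sport, dst, dport, syn):
        """True if the packet is forwarded, False if it is dropped."""
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in self.flows or rev in self.flows:
            return True                        # ESTABLISHED: either direction
        if not syn:
            return False                       # no state and not a new flow
        if dst == WEB_SERVER and dport == 80:  # new inbound web request
            self.flows.add(fwd)
            return True
        if src == WEB_SERVER and (dst, dport) in self.egress_allow:
            self.flows.add(fwd)                # listed exception, e.g. SMTP relay
            return True
        return False                           # everything else, incl. server-initiated


def demo():
    """The four cases the thread argues about; returns their verdicts."""
    fw = StatefulFirewall(egress_allow=[(MAIL_RELAY, 25)])
    client = "198.51.100.7"                    # constructed Internet client
    inbound = fw.accept(client, 40001, WEB_SERVER, 80, syn=True)   # request in
    reply = fw.accept(WEB_SERVER, 80, client, 40001, syn=False)    # reply out
    # A compromised server "connecting outward" to another host's port 80
    # is a new flow with no matching state, so it is dropped.
    outward = fw.accept(WEB_SERVER, 1025, "203.0.113.9", 80, syn=True)
    mail = fw.accept(WEB_SERVER, 1026, MAIL_RELAY, 25, syn=True)   # allowed
    return inbound, reply, outward, mail


if __name__ == "__main__":
    print(demo())   # (True, True, False, True)
```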