Firewall Wizards mailing list archives
RE: Code Red: What security specialist don't mention in warnings
From: David Lang <dlang () diginsite com>
Date: Sat, 4 Aug 2001 13:19:46 -0700 (PDT)
Have you ever heard of web portals? the function by having one set of web servers contact other sets to gather information and then display it all in one (hopefully) use friendly page. In this situation you could set up a second set of servers to do your data retreival, but this adds extra machines, internal communications bandwidth requirements, and complication( how do you load balance your requests amoung your outbound machines?)that can be avoided simply by having the machine that needs the data (the web server) go out and get it itself. saying that a web server should never contact a machine outside the local network is as flawed as saying that your webservers should never talk to a machine on your internal network. The reality is that there are cases where both are needed. David Lang On Thu, 2 Aug 2001 mark.wiater () alexus com wrote:
Date: Thu, 2 Aug 2001 20:38:07 -0400 From: mark.wiater () alexus com To: FKnobbe () KnobbeITS com, firewall-wizards () nfr com Subject: RE: [fw-wiz] Code Red: What security specialist don't mention in warnings Excellent point Frank. No web server should ever have to generate a connection outside the local network. I'd also like to point out another. More common sense and supports defense in depth. Turn off unneeded or unused services. That includes index server in this case. I've found it to be another effective measure in securing the enterprise... Mark (Another concerned netizen)So may I take the opportunity to recommend the following: a) Download and install the patch from Microsoft (available at http://www.microsoft.com/technet/security/bulletin/MS01-033.asp). b) In addition, review your firewall rules and make sure your web server can not establish connections to the Internet. If you have not protected your web server with a firewall, this worm may give you another incentive to do so. There are certainly other steps and precautions that can be taken. However, above are the most effective in regards to the Code Redworm.Recommendation b) extends the original advisories and recommendations to a second level. This is 'Defense in Depth'. If one countermeasure (the patch) fails, the second countermeasure (the firewall)will stillprevent the worm from spreading. 'Defense in Depth'. This is how security should be done. Protect your systems with multiple layers of defense. Review and reconfigure your firewall now. Sincerely, Frank Knobbe (concerned netizen) _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Code Red: What security specialist don't mention in warnings Frank Knobbe (Aug 02)
- Re: Code Red: What security specialist don't mention in warnings Vladimir Parkhaev (Aug 02)
- Re: Code Red: What security specialist don't mention in warnings R. DuFresne (Aug 04)
- <Possible follow-ups>
- RE: Code Red: What security specialist don't mention in warnings mark . wiater (Aug 04)
- Re: Code Red: What security specialist don't mention in warnings Nate Campi (Aug 05)
- RE: Code Red: What security specialist don't mention in warnings David Lang (Aug 05)
- Re: Code Red: What security specialist don't mention in warnings Vladimir Parkhaev (Aug 02)