Firewall Wizards mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Thu, 22 Aug 2002 12:32:24 -0400
there are so many companies that have no ingress filters, they as Marcus will state not only don't care much about what passes inside, they additionally have no clue as to what is passing inside.
In my humble opinion, corporate security people not authenticing and filtering/monitoring traffic heading off the corporate network is a like airport personel not verifying individuals identities who are on an outbound airplane, or checking what they are carrying. 99.99% of the time nothing happens, that last 1% can be very painful though. A good practice (what I enforce): Our outbound traffic is authenticated at the proxy servers. No authentication via domain credenials = no outbound access. The proxy servers have inbound/outbound filter settings dictiated by IT Security, applied by server admins. The traffic then passes though an IDS / firewall (controlled by IT Security) with trigger sets for malicious traffic and port/protocol filters set to back up the proxys filters. All traffic logs passed/blocked are kept in the event of an incident (security or HR or Legal related).
There are far too many companies that do not see this as anything of major significance, we;ve seen so many messages in the lists over the years about some admin or employee running so non-work related app from their desktop or server that allows then to do instant messaging or share mp3's across the perimiter...<Subject: How do I stop such and such traffic from passing the firewall I'm charged with maintaining>
Via the above, Trojans, which don't have correct socks proxy configurations are stopped, virus' with smtp engines built in are stopped, non-authorized visitors to the network can't connect outbound, encrypted VPN's can't be established into another another network, etc. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Crispin Harris (Aug 21)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Adam Shostack (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Dave Piscitello (Aug 25)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul D. Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- Message not available
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Dave Piscitello (Aug 26)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul D. Robertson (Aug 26)