Firewall Wizards mailing list archives
Re: Fw: What challenges are security admins facing?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 29 May 2003 10:32:01 -0400 (EDT)
[SNIP]
I think 2 areas that are completely overlooked are web servers and remote users. For the web servers, I've looked at web application firewalls such as Sanctum and Kavado. The industry is still relatively new, but I think the demand for these products will decline as web servers mature.
For these 'open' access systems, I still prefer, when possible, to do the old hardened system that runs its own firewall of some sort and an ids or two <tripwire that many liken to an IDS, while I still prefer to think of it as an AV type of product, and file integrity checker, and snort or some such to warn if unnatural traffic patterns emerge to/from the system>. And if possible a screening router and firewall in front of that if I want to feel extra warm and fuzzay about the deployment. Of course, it is often the case that for one reason or another, something less than this is forced into a production mode and sign-offs from those demanding less and immediate pull the responsibility from my realm of constant concern...
As for remote users, there has been discussion about personal distributed firewalls. We've had 2 major viruses hit us because of remote users. In this area, my favorite is Sygate.
We've grown to like Sygate for home users as it is fairly intuitive and simple to set up and maintain even for those challenged users. But, the biggest issue with the VPN for remotes and homers is that they tend to be dropped into place and then considered majik that is just plain drop and use -=safe=-. Little if any training tends to accompany such rollouts, and it's amazing how often little or no monitoring of these connections tends to be maintained after everything is 'working'. Not every person that wishes to work from home perhaps should be so allowed. And for those it is really deemed a necessity, training about at least the basics of what are safe and unsafe actions for a user should be given prior to the rollout and perhaps at least once a year thereafter.

It's been interesting from time to time to 'test' the ability of a home vpn user's capability to do the right thing when sent a viri or trojan via an e-mail that has all the trappings of a spoofed sending address and such. I've actually seen users drive home after such training, and infest their system moments after firing up their vpn and reading mail from work or home... So, are these folks in need of retraining already, and cluebat to the back of the head, or have they proven an inability to adapt and learn? Of course, considering how many admins tend to view those anacronyms<sp?> consisting of three or four letters <i.e. VPN, ssh, etc> as majik bullets, drop and deploy and forget, this is not too shocking. And perhaps it's considered bad of me to occasionally 'test' those users I deploy and maintain for, but, better I test them and find out how well the training was absorbed than someone else test them and get into our network, yes? Little in this area seems to have changed in the past 10 years, only some of the names have changed <smile>. Twas a good topic, for this very reason I think.
Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!