Full Disclosure mailing list archives
Re: Lets discuss, Firewalls...
From: Michael Scheidell <scheidell () secnap net>
Date: Sat, 30 Aug 2003 09:11:06 -0400 (EDT)
Admin password is blank.All IPC$ shares are there.I can surf the web from the box so it is fine.
security industry has a saying: crunchy on the outside, chewey on the inside. EASY to get inside your computer with your help. Once done, you are 0wn8d. you can hit a malishious web site and automaticly start running active x controls. you can receive a 'day0' virus that runs on your computer. you can get a call from the FBI (like 19 others did last week, and 318 did on September 13th, 2001) saying that they suspect that either you are a hacker or terrorist, or your computer has been taken over by a hacker or terrorist you can have all your data wiped out, owned, cookies taken (where pin numbers, passwords and bank accounts might be) you can have spyware loaded that will keep track of all of your keystrokes, including pin numbers, passwords and bank accounts. you can get your isp to cut you off due to activity that you didn't even see happening.
If you serve NO applications from the inside of your network (no publicly accessible web server, email server, ftp server etc...), and you have a NAT router so your addressing on the inside or your home or business is private (i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)
those 20 systems that were to SERVE UP the sobig.F upgrade were running on programs, no servers (except that which the hacker put on)
Do you still need a firewall? Why?
you need more than a firewall. says top 7 mistakes users make, #4 (i think) is: Relying primarly on a firewall. You need to practice 'save hex' in all that that means. -- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Lets discuss, Firewalls... Mike @ Suzzal.net (Aug 29)
- Re: (SPAM?) Lets discuss, Firewalls... Jim Race (Aug 29)
- Re: (SPAM?) Lets discuss, Firewalls... Manfred Schmitt (Aug 30)
- Re: Lets discuss, Firewalls... Michael Scheidell (Aug 30)
- Re: Lets discuss, Firewalls... Ben Nelson (Aug 30)
- Re: Lets discuss, Firewalls... Valdis . Kletnieks (Aug 31)
- Re: (SPAM?) Lets discuss, Firewalls... Jim Race (Aug 29)