Spam: RE: Spam: How safe is a hardware firewall?

[joxeankoret at yahoo.es (Joxean Koret)]

Hi Robin,

It depends in the servers/applications you have opened to internet. If
you have any private web application (specially if they are coded in PHP
and ASP) you should start auditing it. If you have databases, ftp
servers, mail servers, etc... You will need specific tools to see what
can be done.

If you're using only standard applications (i.e., widely deployed) you
should check any news regarding these applications in security related
mailing lists (Bugtraq, Full Disclosure, Milw0rm, etc...). When using
standard software but not widely deployed (i.e., not too tested...) you
should audit yourself to known if there is any vuln.

Anyway, even if you're using only fully patched very widely deployed
software you must be aware that 90% of the time a vulnerable
server/application is a badly configured one.

BTW, did you tried to launch a vulnerability assesment tool? As, for
example, Nessus?

Joxean Koret

On lun, 2007-11-05 at 19:53 +0100, Robin Kipp wrote:
> Hi Kim,
> OK, thanks for your deteiled reply. Well, the problem is that I had to
> allow all outbound traffic because not only the server, but also my
> other computers are behind the firewall. However, the firewall scans all
> incoming and outgoing traffic for malicious code and the firewall keeps
> on sending me email messages telling me about all the intrusions and
> viruses that were blocked. Is there maybe a tool available that I can
> use to try to hack my own server? The problem is that all the Metasploit
> exploits don't seem to work :-( Thanks! Robin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071105/05135889/attachment.pgp>