[Dshield] Firewall newbie

john beck jbeck80 at hotmail.com
Mon Dec 22 21:50:40 GMT 2003


No problem and no flame :), and I must say it is inherent that security personnel are paranoid.
I email from anon acct, because..
If I post about a problem I am working on, I do not want to broadcast that me at work.com is vulnerable, mis-configured, etc.
Also, I do not give out exact make and model of my firewall to group or anyone I don't know or trust, narrows focus of attack for bad guyz.  If you can find someone in group to do it off list (trustworthy user, example, Johnas).
If to group use general info, the rules and configuration you can do on one firewall, you basically can do with all, if you find you need specifics, do it offline if possible, make sure it is Johnas or someone else you know and trust from group, not joeblow at aol (no offense).
Do not give the impression your site is not secure, say you're working on it in a test environment, and that it is not "live".

> >Failover:       Disabled
> >VPN-DES:        Enabled  (Do not give out encryption strengths, in this case weak)
> >VPN-3DES:       Disabled
> >Maximum Interfaces:     2
> >Cut-through Proxy:      Enabled (well since I know it is CISCO PIX 501 I would go after known vuls on this config)
> >Guards:         Enabled
> >Websense:       Enabled
> >Inside Hosts:   Unlimited
> >Throughput:     Limited
> >ISAKMP peers:   Unlimited

I will not go into detail on exploits but I hope everyone is getting the 
picture.
But if you consider the amount of work a hacker has to do to gather this 
information prior to attack, giving this info out just confirms, and reduces 
work needed to exploit.
As you watch the list you will see people taking conversations off list, for 
security and conversation.

The less you say, the less "they" know.  And while we are on the subject, if 
you were a black hat, and wanted to get inside info on companies' security 
issues, where would you put your ear?  I have met the winner of recent CFT, 
Root Fu, and Defcon, competitions and it is hilarious to hear how they 
communicate with each other, everyone paranoid, no one knows the truth to 
where anyone works or what they know, even email addresses are fake in most 
cases, and that is among teammates!

Happy Hunting!

aka (¢ÔÞ)

>From: "Chuck Lewis" <clewis at iquest.net>
>Reply-To: General DShield Discussion List <list at dshield.org>
>To: "'General DShield Discussion List'" <list at dshield.org>
>Subject: RE: [Dshield] Firewall newbie
>Date: Mon, 22 Dec 2003 12:50:09 -0500
>
>John,
>
>Thanks for the heads up. I guess I didn't think there was anything in there
>that would give anything away but DUH on my part.
>
>What in particular is a no-no ?
>
>Thanks !
>
>Chuck
>
>
>-----Original Message-----
>From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
>Of john beck
>Sent: Thursday, December 18, 2003 2:47 PM
>To: list at dshield.org
>Subject: RE: [Dshield] Firewall newbie
>
>Please, for your sake, sanitize your posts about your particular
>configuration, no need to give them a "key" and a "gun".  You can post about
>it, be general even a little obscure, if not "off list".
>
>"It is never too late to learn what is always necessary to know."
>      Lucius Annaeus Seneca (2BC-65AD); Roman philosopher, statesman
>
>
>
> >From: "Chuck Lewis" <clewis at iquest.net>
> >Reply-To: General DShield Discussion List <list at dshield.org>
> >To: "'General DShield Discussion List'" <list at dshield.org>
> >Subject: RE: [Dshield] Firewall newbie
> >Date: Thu, 18 Dec 2003 14:18:06 -0500
> >
> >Guy,
> >
> >We just had one installed here for VPN and here is some stuff show version
> >shows as to how we are configured (not sure it is of any help or not):
> >
> >Licensed Features:
> >Failover:       Disabled
> >VPN-DES:        Enabled
> >VPN-3DES:       Disabled
> >Maximum Interfaces:     2
> >Cut-through Proxy:      Enabled
> >Guards:         Enabled
> >Websense:       Enabled
> >Inside Hosts:   Unlimited
> >Throughput:     Limited
> >ISAKMP peers:   Unlimited
> >
> >
> >Chuck
> >
> >
> >-----Original Message-----
> >From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> >Of Guy Barnum
> >Sent: Thursday, December 18, 2003 11:39 AM
> >To: General DShield Discussion List
> >Subject: [Dshield] Firewall newbie
> >
> >I've installed a CISCO PIX 501 firewall appliance on my company's broadband
> >internet feed and have a few questions for the experts on the list; thank
> >you by the way to everyone who responded to my earlier request for advice
> >and information on firewall choices.
> >
> >The configuration options available on the PIX are overwhelming while the
> >documentation provided by Cisco is quite underwhelming, rather
> >non-existent.
> >
> >I am looking for basic security configuration necessities. What logging
> >options, filtering, security levels, etc. should I have configured?  Are
> >there good online walkthroughs for PIX configuration that you know of?  Is
> >there a good manual you can recommend?
> >
> >What do I need to setup, install or configure to contribute my logs to the
> >dshield site?
> >
> >Any information or recommended resources are welcome.
> >
> >I already see a lot of activity on the firewall's internal and external
> >interface with only one test laptop connected to the PIX and no browser,
> >telnet or any other programs running.  With no manual or reference material
> >provided with the PIX I have no way of knowing if this is normal or if my
> >system is compromised already, really trying not to be paranoid.
> >
> >For the basic questions anyone may have; I changed the default pix host
> >name and domain name, I set a password for PIX configuration access, VPN is
> >not enabled until I learn a lot more about it, auto update is not enabled,
> >the inside interface security level is 100, the outside interface security
> >level is 0, and PAT is being used rather than NAT.
> >
> >Guy
> >
> >_______________________________________________
> >list mailing list
> >list at dshield.org
> >To change your subscription options (or unsubscribe), see:
> >http://www.dshield.org/mailman/listinfo/list