[Dshield] [DShield] Architecture approach

Tony Earnshaw tonye at billy.demon.nl
Sat Aug 13 21:36:36 GMT 2005


lør, 13.08.2005 kl. 18.24 skrev Valdis.Kletnieks at vt.edu:

> > knowing the IP of my border router will not help an attacker. The way I 
> > see it NAT makes it easier to secure a network, because anything inside 
> > that you want to expose has to be EXPLICITLY enabled.
> 
> As others have said, that's a function of a firewall, not of a NAT.
> 
> And remember - it only adds one layer of security.  If an attacker can
> find another way to get something past the firewall, things usually
> go downhill very quickly.  It only takes one vulnerable copy(*) of IE or
> Outlook behind the firewall to make an outbound connection and pull the
> rest of the exploit in.
> 
> (*) OK, so a vulnerable Evolution or Pine or Elm or Firefox or Thunderbird
> would be equally an issue, except that vulnerable copies of those are much
> harder to find.....

My site (1150+ user high school in Amsterdam, Netherlands) forbids IE,
mandates Evo, Thunderbird or SquirrelMail 1.5.1 CVS under Firefox, scans
(Sophos) and Postfix-firewalls (Smoothwall content scanning: Ethically
utter shit, but effective) mail out and in, realtime scans each Samba
3.0.14a Windows 2k workstation (in the minority, most workplaces are
Linux LTSP running from a central server). Been running a year w/o
infection, either from internal or external sources.

I only ever had a single bot infection attempt, Sophos found it
immediately, from a floppy disk (one of the teachers brought it in) at
the beginning of the year.

The point is, that *everything*, both workstation and server-based
(including would-be pupil and external root cracker attempts) is subject
to continual scrutiny, triggers and mandatory daily log reading. Windows
(all versions) has such lousy logging, that Unix/Linux provides my
solace.

Any comments or "I know better" gratefully taken aboard.

--Tonni

-- 
To Liza Picquard (?), by Phil Williams on BBC Radio 5, Wed. 10th Aug.
2005, 15:59 CEST:

"What is your definition of 'poor'?"
"Well, if your only occupation is collecting dog turds for a living,
you're pretty poor ..."

mail: tonye at billy.demon.nl
http://www.billy.demon.nl




More information about the list mailing list