Hi All

Recently I have seen a program about internet security (only 30min out of 1 hour), and it scared me. Young guys hack into any system no matter how big the company is: Amazon, eBay, Yahoo, not to mention Microsoft who never applied their own patches on their own computers (they must have forgotten).

Is it possible that they can send packets to eth0 and force them to be received by the card on a lower level before they get to tcp?, somehow force the assemble and save into the system?

I have port 80 as the only port open on one of the accounting boxes, running shorewall 1.3.1, how much chance is there that someone will get in e.g. the best hacker in the business, and would he be able to get in? I hope someone will understand my mumbo-jumbo question

BTW, either 1.3.1 is easier to understand or I got some more practice in setting it up by now. Thanks Tom,

Bogdan Bednarczyk
Melbourne, Australia

On Tue, 11 Jun 2002, Bogdan wrote:

> Hi All
>
> Recently I have seen a program about internet security (only 30min out
> of 1 hour), and it scared me. Young guys hack into any system no matter
> how big the company is: Amazon, eBay, Yahoo, not to mention Microsoft
> who never applied their own patches on their own computers (they must
> have forgotten).
>
> Is it possible that they can send packets to eth0 and force them to be
> received by the card on a lower level before they get to tcp?, somehow
> force the assemble and save into the system?

Not that I know of.

> I have port 80 as the only port open on one of the accounting boxes,
> running shorewall 1.3.1, how much chance is there that someone will
> get in e.g. the best hacker in the business, and would he be able to get
> in? I hope someone will understand my mumbo-jumbo question
>

Once that you have a firewall in place, your two largest areas of exposure are:

a) The servers that you open to the internet (such as your web server that you mention above).
b) Microsoft Email clients

Some ways to fight a) are:

1) Not exposing any more services to the net than absolutely necessary.
2) Monitoring for known exploits and applying corrections as soon as they are available.
3) Not exposing any services that use non-encrypted passwords.
4) Enforcing strong passwords that are changed regularly.

Exposure b) is countered with:

1) Antivirus software with automatic signature update.
2) Conservative configuration of the email clients.

These are just a few ideas -- any good book on Internet Security will give you many more.

> BTW, either 1.3.1 is easier to understand or I got some more practice in
> setting it up by now. Thanks Tom,

You're welcome.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

On 10 Jun 2002 at 9:31, Tom Eastep wrote:

> Once that you have a firewall in place, your two largest areas of
> exposure are:
>
> a) The servers that you open to the internet (such as your web server that
> you mention above).
> b) Microsoft Email clients

> Exposure b) is countered with:
>
> 1) Antivirus software with automatic signature update.
> 2) Conservative configuration of the email clients.

Exposure B is BEST countered with almost ANY other email package.

There is simply no excuse to run MS Email packages at all, Eudora or Pegasus or 5 or 6 others will do everything Exchange or Outlook do and do it vastly more securely.

Considering the risk, the Consumer Product Safety Commission should force a recall. ;-) (not holding my breath).

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/

> There is simply no excuse to run MS Email packages
> at all, Eudora or Pegasus or 5 or 6 others will do everything
> Exchange or Outlook do and do it vastly more securely.

Well, apart from "being available in all languages". (if we want to get nitty here) :)

'Scuse me for playing moderator, but this is off topic. Take it somewhere else guys.

On June 12, 2002 07:14 am, Jan Johansson wrote:

> > There is simply no excuse to run MS Email packages
> > at all, Eudora or Pegasus or 5 or 6 others will do everything
> > Exchange or Outlook do and do it vastly more securely.
>
> Well, apart from "being available in all languages". (if we want to get
> nitty here) :)
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com