Maybe she was assuming that since NAI IS supposed to be a network security
company (or at least one of the things they do is network security) they
would have designed their network using industry accepted best practices
(i.e. the "dmz off the firewall" thing.. I immediately thought the same
thing.
I would love to hear from NAI on what happened.. but then I guess we would
get the "positive spin" version of the story. Maybe if their network
security guy got fired, he will no longer be bound by loyalty and we can
get the skinny... >=)
Carric Dooley
Senior Consultant
COM2:Interactive Media
"But this one goes to eleven."
-- Nigel Tufnel
On Tue, 5 Dec 2000, Paul D. Robertson wrote:
> On Tue, 5 Dec 2000, Kathy wrote:
>
> > If you follow http://www.attrition.org/mirror/attrition/ ,
> > it contains a list of hacked websites. Last week, Network Associates and McAfee's
>website in Brazil was hacked.
> >
> > For a mirror of the hacked NAI web page,
> > http://www.attrition.org/mirror/attrition/2000/11/29/www.nai.com.br/
> >
> > The hackers must have bypassed NAI's Gauntlet firewall and CyberCop monitor?
>
> That's a pretty big leap to make. Most people don't put Web Servers
> behind firewalls *especially* proxy-based firewalls. Also, there are a
> significant number of Web server attacks that are in-band (HTTP-based
> attacks), there's not a great deal a firewall can do about traffic that's
> permitted (hence the long and drawn-out ranting about opening up inane
> services and protocols yesterday.) Do you have any proof that the Web
> site was *behind* a firewall, or is it pure conjecture?
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
