No matter how a firewall is configured, they aren't an end all and be all of network security. Nimda, has a nice benefit of having multiple infection paths, and it's not going to get any easier.. It proves how easy it is for a worm to be built with multiple infection paths, and how fast it could propagate. As well as to bypass a unaware or uncaring security. Remember with Nimba, the infection paths were, Network Shares, Email, and Websites. This will not improve as Nimba was still just a concept virus.
This will change, as I have heard, there are rumblings and rumours, though none are very substancial, but on worms that work faster, and have more methods of infection. And remember there are many ways to defeat the security of firewalls, from either side of the connection; or a DoS, by killing the firewall or router; or even taking control of the firewall or the router. With Firewalls being built on another operating system, you are often, even with hardening the kernel, leaving the firewall open to other attacks, only because of what might be minor flaws in the TCP/IP Stack. How often in the past while has the Cisco IOS, or PIX or Checkpoints FW-1 have had notices about possible bugs, that could cause a system to be compromised, or at least disable services. Again you need to build a multiple level of protection, and security. And first and foremost start with your employees, or co-workers, they are the most dangerous people for your network, because in many cases they have insecure access to a large part of the network, and usually have very little in the way of security, or protection from their traffic leaving. If you educate your employees this will be less of a problem, from the inside.. You also want NIDS, to watch the network traffic, and you want HIDS, to verify that no changes are made to your system. You should also have a good backup plan, and system updates. Then and only then worry about a firewall, because if your system is vulnerable from the inside it is more then vulnerable from the outside, firewall or not. Jason On 23 Oct 2001 at 17:55, [EMAIL PROTECTED] wrote: > Message: 2 > From: "Clark, Steve" <[EMAIL PROTECTED]> > > Check to make sure you don't have Nimda. If your firewall and servers are > configured correctly, they should not be able to shutdown your server. > > Steve Clark > Clark Systems Support, LLC > AVIEN Charter Member > "Who's watching your network?" > www.clarksupport.com > 301-610-9584 voice > 240-465-0323 Efax > > The data furnished in connection with this document is deemed by Clark > Systems Support, LLC., to contain proprietary and privileged information and > shall not be disclosed or used for the benefit of others without the prior > written permission of Clark Systems Support, LLC. > -- Jason Robertson Network/Security Analyst [EMAIL PROTECTED] http://www.ifuture.com, http://www.astroadvice.com, http://www.astroeast.com Also if you are looking for an employee, I may be available soon, so feel free to contact me for my resume. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
