I have been tasked with finding a solution to replace telnet for router
access to a large group of Cisco Routers. Is SSH available for Cisco
Routers or does anyone have a preferred solution for doing away with
the vulnerability associated with telnet and core infrastructure
components?
Leds.
Hi!
Anyone know of any good links for firewall comparisons, esp. between Cisco PIX and
IPCHAINS/IPTABLES.
Thanks,
Carl
On Fri, 4 Jan 2002, Octavio / Super wrote:
> How can I deny all MAIL FROM: <> commands from hosts which are not
> MX for a domain?
You should not do this, for multiple reasons.
1. The null envelope sender ("MAIL FROM:<>") is used by MTAs to
communicate Delivery Service Notification (DSN) me
Thanks Dude for your response,
I have set up our idle time out inactivity configuration a little bit
higher than that but it is our general time out that I also would like
to know what more people are using as security best practice, this is
where for example our external users have up to 2 hours
You may not want to do this for the simple reason that some domain
admins use a different box for sending mail than receiving it, ala one
firewall responsible for inbound connections and one for outbound, etc.
Mickey
-Original Message-
From: Octavio / Super [mailto:[EMAIL PROTECTED]]
Se
OK, I know this is more of a theoretical debate, because in reality we
are able and should do BOTH.
But according to you, which is more important? Paying attention to
having great firewall with a great ACL more than hardening and patching
the systems? Or not have to worry about the firewall or
I was under the impression that the "stealth rule" was to have anything
going directly to your Firewall dropped, therefore making your FW's
address a "black hole". It never answers anything, except what you
specifically allow for management purposes.
The rule you describe was always referred to a
Hello all. Being the most dynamic and honest bunch around, I thought I
would ask the list a simple question.
I have been on the NSA's mailing list for Secure Linux, and I have to say
above all, it's a slow list and heavily moderated :). I have never installed
it yet, as I haven't found an extra
On Friday 04 January 2002 08:42 pm, John Morris wrote:
> What are the current options for firewalls that can handle 1gb throughput ?
> I've got a client that has a 1gb internet connection, (a major Univ), and
> they want to firewall it, but haven't because they haven't found anything
> that wouldn
search in sendmail.cf
SBasic_check_mail and comment the line with
#R<>$@
restart sendmail.
- Original Message -
From: "Octavio / Super" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 04, 2002 7:40 PM
Subject: MAIL FROM: <>
Hello!
How can I deny al
I am attempting to block the multimedia search program kazaa on a pix 515
running ios 4.4.
Pinging the Kazaa website, I got a address of 213.248.107.10. The program
uses port 1214.
I need to block any access to the website and to the program. I have tried
several conduits
without success.
Any
I have to agree. Case in point is the DoD's adoption of the Defense in Depth policy.
The policies mentioned below have historically worked horribly for the DoD. In an
organization with security policy like this, given enough time and persistence, an
attacker will find a hole. The hole will
It sounds like you're already heading in the right direction for eventually
moving into this field. Unfortunately I don't know of any companies that
would be willing to let a high school student poke around on their network
in order to learn stuff, but if you have skills to offer them and are
Nokia has a new carrier class firewall for Firewall-1 (I think it is an
IP740) that is rated at 1.6gps. Of course, I have never tested it so I
have no idea how it really performs...
Cheers,
Eric
"John Morris" <[EMAIL PROTECTED]>
01/04/2002 07:42 PM
To: "security-basics" <
Host resident in the Kernel...
---
Regards,
On Sun, 06 Jan 2002 02:17:26
ashley thomas wrote:
>hi,
>
>which is the lowest layer where a firewall can be implemented ?
>i guess, it is network layer (layer 3)
>
>in that case , how is firewall implemented on bridges , which is a layer 2
>device
Hi,
What you are talking about is a Filtering Bridge. This device is basically
an intelligent bridge, where only one interface is configured and the other
isn't (in ifconfig). Because the machine is a bridge, all data is
duplicated onto the second "unconfigured" interface, thus you have two
ide
Look at IPSec policies instead, they are much more flexible in rules and
don't require rebooting.
-Original Message-
From: Holland, Stephen [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 04, 2002 11:08 AM
To: [EMAIL PROTECTED]
Subject: Closing holes with out a firewall
I currently h
Don't know if this will help you, but I was looking for some legal stuff
recently and got a lot out of the FindLaw site for students. This link is
particular to the journals and law reviews that deal with technology. There
could be something for you there
http://stu.findlaw.com/journals/ip_
I found that the best way to learn other than reading and implementing,
at least for me, is the honeypot approach, put a machine on the net with
a permanent address and see what kind of attacks it faces and how can
you counter them. It will also allow you to figure out firewalls and IDS
systems.
If someone cannot securely configure IIS with its GUI interface, how do
you expect them to secure a daemon that uses .conf files? Bad
administration is bad administration. I contact at least 5 companies a
week on behalf of my clients about infected or hacked systems that are
launching attacks on
Hi,
Can any one advise me a software which can take backup of;
1- windows 2000 professional profiles
2- windows 2000 professional system policies (implemented by admin mmc>) so
it can be restored on any other machine to implement same type of policies.
3- backup of outlook express and outlook2000
Apparently, they fixed it on the servers that control these connections.
On Fri, 2002-01-04 at 16:34, Dan Trainor wrote:
> Does this alarm anyone else? How will AOL fix this problem without
> making users download any patches / fixes? Are they going to install it
> themselves? If so, if they
> How can I deny all MAIL FROM: <> commands from hosts which
> are not MX for a domain?
You need to provide more information about the environment you're
working with. If you're running MS-Exchange on MS-Windows, I don't
think there's a mechanism available to do this type of checking.
However,
Out of many other reasons, lack of performances is
sometimes the major one. Especially with static pages
IIS outperforms Apache. Take a look at the latest
benchmarks at
http://www.pcmag.com/article/0,2997,s%253D1611%2526a%253D19774,00.asp
Just don't trust (any) out of box configuration, do
your
Always remember that the "firewall" is no good if the underlying OS is
vulnerable. I am not real familiar with the Win2K "firewall" settings,
but if your Windows system is secure (oxymoron?), then in theory, you
should be ok.
Nick
On Fri, 2002-01-04 at 14:08, Holland, Stephen wrote:
> I currentl
Sorry - It is sygate Personal Firewall...
Salil
- Original Message -
From: "security.alert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
"Daniel Chojecki" <[EMAIL PROTECTED]>
Sent: Friday, January 04, 2002 11:42 AM
Subject: Re: Is there any free replacement for zone
I was wondering what everyone is doing for network
based intrusion detection? I am looking for
something I can use on a University based system
with approximately 15000 nodes with various flavors
of Unix, Linux, Windows, Mac, etc. I do have access
to the logs of all incoming traffic
Hello All.
Just trying to set up a way to map a drive through our firewall (Internal to
DMZ) for special computers and special username/password combo via NT
authentication
While doing so I swore that I just needed to open up ports 137, 138 and 139
between the two PCs in order to map shares.
On Friday 04 January 2002 03:34 pm, Dan Trainor wrote:
> Does this alarm anyone else? How will AOL fix this problem without
> making users download any patches / fixes? Are they going to install it
> themselves? If so, if they can fix this problem by installing a fix on
> to your machine, what'
I suggest that you find a lawyer fast. One who understands technology.
What ever you come up, you need to make sure that you run it by what ever
firm is handling your professional liability insurance.
Oh, don't have professional liability insurance?
Better think twice. The corp's can afford t
Hi there ...
Having some problems here in keeping all the information in its rightful place ...
Anyway, my question is about sendmail ...
I'd like to know if any of you would kindly help in getting sendmail to log every
outgoing mail.
Reality : wan split into 2 LANs, one sendmail sending
I'm assuming you are talking about devices that can be assigned 1 IP
number on all the interfaces like the Watchguard, and the NetScreen.
These devices still function on layer 3 for their connectivity, but use
a proxy-arp to determine which interface certain IP's are on. Thus it
forwards packets
Hi,
I'm looking for a good port scanner that will run under Windows XP. My
wishlist for it is that it scans TCP, UDP and stealth, but I'm not really
sure if there is such a one under the Win environment.
I also wondered if anyone got nmap for win32 compiled and working yet.
Philip Wagenaar
I recently read a statistic that said apache is hacked more than IIS web servers. and
I have also seen statistics go the other way. I did a quick search in google to try
and see if I could find a solid believable statistic, and was unsuccessful. I found
many individuals stating facts without
With an old PC you can make a great firewall/NAT box with FreeBSD.
www.freebsd.org
There is an article on this site that walks you thru everything from
compiling the kernel to setting up the firewall script.
Peace.
-Original Message-
From: The Dude [mailto:[EMAIL PROTECTED]]
Sent: Satu
This vulnerability was created by bad people sending malicious "Game
Requests" through AOL's server. To fix it, AOL added a filter to the server
so that bad Game Requests won't be passed along to a client.
AOL took the easy way out. They didn't fix the client, they fixed the
problem on the se
Hi Folks
I've seven domains in my wan, and also workstations are w2k, the big
question is this, WHY?? when i selected the local domain in the workstation,
example.. (the domain of the machine), in the login ALL the Rights works
better, but if i selected another domain, ex... a domain NT4 Ser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I believe in the RFCs this is a double-bounce message, so to be compliant,
it should be allowed to pass but only should have one recipient... there
is a patch for qmail to enforce this behavior... I have seen this spam
too...
there is also a patch for
Douglas
I know how hard it can be to pick things like this up, incidentally I
live in VABeach you might want to check out www.itpa-hr.org go ahead and
register and come on out to the meeting this Thursday, I'm sure that you
can at least talk to some more people and do a little personal
networking.
How can you be sure that the system is 'completely' secure? That seems a
little naïve to me. How do you track break-ins if and when they occur?
Just curious, not judging.
> -Original Message-
> From: Iain McAleer [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 11:18 AM
> To:
Greetings.
I have a 'DMZ' where I have installed an NT ras box for dial-in. I have on
the internal network an ACS server doing auth for the PIX. I have defined
two groups of users on the ACS, general and admin. The general users should
only be able to access two ports into the internal network and
Surely, I am missing something. In a widely open network as this, how
can it be secure ??
Iain McAleer wrote:
> Hey guys,
>
> To be honest, if your system is secure a firewall is redundant. I am aware
> of a company here in Perth that is part of a multi-million dollar
> corporation. They ha
Hi All,
I'm working as a security manager for a big ISP and I'm looking for a
GOOD security update software.
I was playing around a little bit with Update Expert and it seems to be
a very nice software.
I was wondering if there are any other good tools like Update Expert
that I should know about.
Morning all,
There are three modes of operation for DES (and 3DES).
ECB - Electronic code book. In this mode plaintext and ciphertext have
direct correlation. I.e., given the same plaintext transmission, the
ciphertext will be the same too. This mode is similar to World War II
encryption mechanis
Hello Dougles,
I started off looking for security jobs at the age of 17 (20 now) and
started out doing the same things, reading hundreds of documents from web
sites and playing with linux & freebsd. I am still without a security job
but started buying old computers and other hardware to start a t
Lads and lasses,
I've just recently upgraded my home (shared) computer to XP. I have been
using X-nestat to monitor all realtime TCP connections...
Anyway I have seen a lot of random SYN packets being sent from my computer
from ports 4150, 4151,4152 etc to another destination IP address
216.187.X
Hi Everyone,
I am new both to this group and to this field. I have heard about IDS
but never knew that BOTS could play a major role in IDS. I found this at
http://www.mountainwave.com/cyberwolf/
I am a newbie and any information regarding this shall be extremely useful.
Awaiting your enlight
Hi all.
I'm trying to become more involved with infosec as it
pertains to independent consulting, network auditing,
security advisor status etc. I have worked as CSO/MIS
for a mid-sized firm for the last 2 years, and a small
company for 3 years before that.
My current job function at my full-tim
hi,
which is the lowest layer where a firewall can be implemented ?
i guess, it is network layer (layer 3)
in that case , how is firewall implemented on bridges , which is a layer 2
device ?
thanks
ashley
On Wednesday 02 January 2002 09:16, Caldera OpenLinux Benutzer wrote:
> Hello Folks,
>
>
> i just installed tripwire and everythings seems to be fine.
> The only thing i am worrying about are fake Reports send to
> me. If the System is hacked and compromised between two
> Tripwire runs, couldn't th
Hi people
Maybe I'm offline but why don't you use apache on windows 2000 ?
Won't that take a lot of "hacks" off your minds ?
Baba Bogdan
Sys Admin
CDS NETWORK, Corpus Christi, TX, USA
CAD Data Systems, Cluj-Napoca, Romania
o0()()0o---
You might try BlackIce Defender for about $25. It's very good and is available online
or at compusa. Do a search on google and you will find the site.
> Douglas Pichardo <[EMAIL PROTECTED]> Re: Is there any free replacement for zone
>alarm ?Date: Thu, 3 Jan 2002 16:31:00 -0500
>
>You can try T
As for that matter, Zone Alarm is also Free, not Zone Alarm Pro !
Daniel Chojecki wrote:
> Dear Subscribers !
>
> I'm looking for free replacement (GNU or freeware) for ZoneAlarm (I mean
> firewall software for Win9x/NT/2k).
>
> I was looking through archives/lists/web and I couldn't find anythi
You should avoid relying on a single layer of security for defense. A
firewall plus secure desktops is going to be far more secure than just one
or the other. Firewalls should be a fundamental part of any Internet
connection.
Greg
--
Greg Francis
Sr. System Administrator
Gonzaga University
[EMAI
IMO, security should be addressed in layers, and a good firewall is an
important part of your defense system. With a layered defense, you never have
a single point of failure. The company you mention is playing without a net -
cocky and unwise. My bet is that it is only a matter of time befor
Securing Linux is a good book... I have it at work, I'll get the isbn for
you... also read this...
http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-ramparts.html
this is a neat article... may help you out..
- Original Message -
From: "Douglas Pichardo" <[EMAIL PROTECTED]>
To: <[EMA
I build a lot of web-based apps for compaq and their time out requirements are 15 min.
> Timeout -InactivityDate: Thu, 3 Jan 2002 14:01:03 -0800
> "Orlando J. Cano" <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
>I was wondering what everyone else is using as timeouts for the
>following configurations:
Sorry, but firewalls do NOT hide IP's. They block ports. The only thing
that hides IP's is NAT. You think the firewall is hiding your IP because
the firewall kills the connection attempt to THAT port. Any good hacker can
tell the difference between a firewall blocked attempt and a non-active IP
Boy, are YOU living in a fool's paradise! Ever heard of dumpsite
diving, shoulder surfing, social engineering,...
Opinion: It is people with views like that which make the job so hard.
:-(
"'ken'@FTU" wrote:
>
> I believe the most important aspect to security is programming. If it
> were
Hey all,
when I examine the log file on my solaris box these days, I can always catch these
"bsd-gw[pid]: Error reading from connection: Bad file number"
It seems unusual, but I can't find any answer on that.
Has anyone encountered this before?
--
I want a better life
Yiming Gong
Senior Sys
Yes I have. And these are essential elements of security in general, not
just computer security. For example, having a shredder to destroy
classified documents to prevent dumpster diving is not ***essentially***
tied to a computer system! (People did it in the old days by throwing
their docum
What are the current options for firewalls that can handle 1gb throughput ?
I've got a client that has a 1gb internet connection, (a major Univ), and
they want to firewall it, but haven't because they haven't found anything
that wouldn't impact the performance too much. I've seen firewalls that
a
Your distinction is harmful. There should not be "computer security"
any more than "hammer security". They are but tools. At worst,
information security.
And I maintain that those seeking technical solutions for non-technical
problems are doomed to failure. For programming, remember that a
"f
Hello!
How can I deny all MAIL FROM: <> commands from hosts which are not MX for a domain?
Thanks, Octavio.
This is a hack, but it will get the job done.
You could setup your tripwire policy so that it will always generate an
error of some sort. That way you would always get a message, and if you
failed to get an error sent, then you would know that your system has
been fooled with. There are ways to
The distinction is not really dangerous because I do not exclude the
human problem from the technical problem when looking for a "broad"
solution. But there are problems relative to computer security that are
not related to, lets say, CCTV security. For example, it just does not
make sense as
I currently have a PPTP W2K server on a dedicated circuit with a static IP.
I am wondering, without the purchase of a firewall, is using the block ports
setting on the individual W2K systems using the advanced options in the
TCP/IP properties doing me any good? I am aware of the issues with PPTP
encry
Cases in point:
http://www.lightlink.com/spacenka/fors/
http://www.wired.com/news/technology/0,1282,41630,00.html
At 12:30 PM 1/3/2002 -0600, TOMMY D GAST wrote:
What ever you do, DO NOT HACK your own system, without
proper authorization. You can be and will be legally
responsible for this act
Here is a suggestion for basic firewall setup:
Always have a base rule or policy that is set to deny or drop any source
to any destination using any service/port. Then add rules or policies
above
the basic deny policy (typically referred to as a stealth rule) to
specifically allow only the tr