just my opinion:
a) there are lots more apaches than IIS
b) statistics is the art to lie.. (forgot the author)
c) it is easier to harden an open system than a proprietary.
c-1) And I do not know any other way to harden an IIS than obscure
patches.. which closes a lot of holes just opening new
What I'd really wanted to set up is to get sendmail to keep a copy of every outgoing
e-mail.
The answer to your question is in the sendmail faq
http://www.sendmail.org/faq/section4.html#4.20
libmilter/README has example code to do what you ask.
Back to the crunchy on the outside, chewy on the inside vs. tough to
chew through and through, huh? I've seen it well implemented both
ways. My PERSONAL preference is that a firewall is not needed for a
network if EVERYONE on that net using EVERY system is fully versed in
hardening methods. It
Can you beat them around the head and shoulders stressing this? Maybe
add with competent operators.
Patrick S. Harper wrote:
[snip]
A system is only as secure as the sysadmin is competent and dedicated.
And sometimes they still get hacked.
[snip]
--
James W. Meritt CISSP, CISA
Booz |
In-Reply-To: 000101c19709$f8c73830$5241bbd4@www
I don't know about XP, but nmap runs just fine on
2K...
Go to http://www.insecure.org/nmap/dist
Scroll down until you find the 2.54BETA30 version
that ends in 'win32.zip'...
I got started by trying to make my own machine me proof. I knew quite
well its weaknesses - if it was resistant to me, I was doing the best I
could.
Note: The boxes to my left and my right (network-wise) were hit by the
RTM worm back in 1988. I wasn't. Been paranoid a long time. But I
I would like to note that here @ work, out of about 50 end users, we are
noticing that about 5% of the time Tiny Personal Firewall is causing blue
screens. But this is a small percentage, but nonetheless we have taken it off
of more mission critical computers. Just FYI.
-Original
You also might try looking up your state's laws on information privacy and
security. You can find this fairly easily on the net. It's not as difficult to
set up a legal policy to CYA as you may think.
NetRanger
Hi,
This is my second mail to this forum. Don't know why the 1st mail didn't
appear in the list.
I am new to the security arena. Want to know about tools used for network
audits.
Alok ahuja
I agree that both Apache and IIS need hardening and protecting (I run both).
But...there have been n Microsoft Security Bulletins regarding
vulnerabilities in IIS, but few such issues for Apache. A hardened and
protected IIS doesn't give me peace of mind, because I believe, given recent
Get some more memory and upgrade your PIX so that you can do away with
the conduits and define normal style ACLs. However, you will also have
to modify inter-DMZ ACLs because default behaviour between DMZ security
levels will change the minute you implement the ACL approach.
Cheers,
Mark
I would choose hardening, because ultimately (in general)
it is a host that is being compromised, not a network
(at least not directly). You can firewall all you want but
if you are not configuring the services securely that you DO
let through then you are still at great risk. Additionally,
if
depends upon the version, see
http://www.cisco.com/warp/public/707/ssh.shtml
-scm
On Mon, 7 Jan 2002, Led Slinger wrote:
I have been tasked with finding a solution to replace telnet for router
access to a large group of Cisco Routers. Is SSH available for Cisco
Routers or does anyone have
Personally, I'd choose a great firewall. Because firewalls effectively separate
your business critical apps, services or whatever from the rest of the prying
world, you've got a kind of safety net to fall on. Most OS and applications
don't come out of the box with gaping exploitable security
Would I be right in thinking that the lowest rights on a domain take
precedence, so, if you have lower rights on one of your domains then they
will take over any other rights?
Just my $0.02
Andrew Jones
Technical Advisor
Meggitt Petroleum Systems
Tel +44 (0)2476 697417 Ext. 40
Fax +44 (0)2476
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What are the current options for firewalls that can handle 1gb
throughput?
I've got a client that has a 1gb internet connection, (a major
Univ), and they want to firewall it, but haven't because they
haven't found anything that wouldn't
Led
Yes SSH is available for Cisco routers but it requires that you upgrade to the
enterprise version of the IOS software for your routers. An alternate solution is a
headless unix box connected via a permanent console cable to the router and a network
card connected via a crossover cable to
I would consult with a corporate attorney, preferably one specializing
in your particular expertise.
-Original Message-
From: dumbwabbit [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 06, 2002 3:08 PM
To: [EMAIL PROTECTED]
Subject: Help with legal document - network probing
On Mon, Jan 07, 2002 at 03:53:50PM -0600, Calhoun, Heath wrote:
I am attempting to block the multimedia search program kazaa on a pix 515
running ios 4.4.
Pinging the Kazaa website, I got an address of 213.248.107.10. The program
uses port 1214.
I need to block any access to the website and
Can't you just block the port 1214? I think that if you block it on your
firewall, you'll have no problem.
Can't you use some ACL rules? I believe the IOS has a FW.
Bye
On Mon, Jan 07, 2002 at 03:53:50PM, Calhoun, Heath wrote:
I am attempting to block the multimedia search program kazaa on
On most firewalls, you can block particular icmp types to specific
addresses. So, you could allow your email server to be pinged, but not
the outside interface on the firewall. Or you could allow ping and
traceroute out of your network, but not in.
-Original Message-
From: Mark L.
To answer some questions. When the pix 515's were installed they were set up
with 4.4. We have not gotten around to upgrading all the firewalls. That is
on the books to do.
With 3 people running Kazaa and a couple of other internet games / multimedia
servers one site was taking up 95% of the
There is a nice tool, which can do a bit more than portscanning (network
scanning): LanGuard - but it can do portscanning, too. It is freeware and
can be downloaded here: http://www.languard.com
Chris
-Original Message-
From: Philip Wagenaar [mailto:[EMAIL PROTECTED]]
Sent: Monday,
--- Omar Koudsi [EMAIL PROTECTED] wrote:
I found that the best way to learn other than reading and implementing,
at least for me, is the honeypot approach, put a machine on the net with
a permanent address and see what kind of attacks it faces and how can
you counter them. It will also allow you
At 05:06 PM 1/7/2002 -0800, e-CraftZone wrote:
Angry IP Scanner 1.87 from Angryziber is good. It's very fast. Also
includes command line usage.
http://www.angryziber.com/ipscan/
Appears to have a problem with WinXP so it does not fit the bill.
A firewall is just a term that is commonly applied to layer 3 (and
above) devices and has become synonymous with IP. However, it is
possible to implement security at layer two on bridges using a number of
standard and proprietary methods. The standard methods would include the
use of non-router
My knowledge of network security is mostly theoretical as I'm new to the
field, but let me share my mental model with you.
Let's use this analogy:
The king of your local village has commanded you to protect the subjects
from the barbarian horde. There are several methods you might use.
You
At 12:29 AM 1/7/2002 +0100, Philip Wagenaar wrote:
Hi,
I'm looking for a good port scanner that will run under Windows XP. My
wishlist for it is that it scans TCP, UDP and stealth but I'm not really
sure if there is such a one under Win environment.
I also wondered if anyone got nmap for win32
Not really sure, but IMHO it's always better to have a hardware firewall if
you can get one (Linksys, Cisco PIX etc). Depending on what u're going to do,
you might want to search for separate comparisons of both software AND
hardware firewall systems
-Terry
On Monday 07 January 2002 18:58,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If upgrading the pix software is an option I would suggest converting to access-lists
but you can do it with outbound and apply commands.
Conduits only control inbound traffic, if you want to stop users from getting out you
need to set up outbound
There is a list of Gigabit products here:
http://www.thefirewalllab.com/gigabit%20fw_vpn.htm
Bruce
At 06:42 PM 1/4/2002 -0800, John Morris wrote:
What are the current options for firewalls that can handle 1gb throughput?
I've got a client that has a 1gb internet connection, (a major Univ),
Normally, you want your FW to be as invisible as possible (black hole) so
you just drop all incoming packets that are not specifically allowed in by a
rule. What you can't see can only be attacked by guessing. Rejecting gives
back information to the bad guy...
In the case of a smtp mail server,
SSH is available for a sub-set of Cisco routers. However, it is worth
logging onto the Cisco web-site because there have been weaknesses
identified in the SSH implementation. However, in later releases of IOS
these should have now been fixed.
Here is a brief overview of SSH support taken from
On Monday 07 January 2002 12:33, Seth Keller wrote:
I have been getting several dozen e-mails lately that have me puzzled.
They are returned e-mails from a message that I posted to this list over a
month ago, and I will add that that message posted successfully. I still
have some of the
34 matches