First point, Steve, is that this is going to take a lot longer than three
months to do. You have to change a culture and this is the biggest problem.
OK, the first point is to set the wheels in motion to make a security policy
that states that anyone breaching your security policy will be
]'; 'Brian Eckman'; 'Des Ward'
Subject: AW: Firewall configuration statistics
As a security professional and someone that has to do with sales, I wanted
to add a quick thought, but don't want to engage in thread necromancy.
So anyway, I wanted to agree with you Brian -- I do not believe
Right, let's try and put this one to bed.
Unless you are using stats that are relevant to the industry, size and
external-facing internet presence of the intended audience, the stats used
are of no real intrinsic value. Industry numbers have no real intrinsic
value because of this. That is both
'Out of the box', the service packs will automatically update anything
already installed on the system. The patches will be up to the date that
the SP came out.
Hope this helps.
-Original Message-
From: Thad Horak [mailto:[EMAIL PROTECTED]
Sent: 18 June 2003 16:59
To: [EMAIL PROTECTED]
That is one way of doing it, but is not the most secure as you have to open
a hole in the firewall to allow this. MS allow you to create an internal
update server inside your network or you can just download the patches.
These ways are much better as you have more control. Update from the
The first one does not have to use two separate firewalls, just have an
extra NIC to segment the LAN and DMZ.
Your bottom two examples are as follows:
The first one is far too complex and was how I thought a DMZ was supposed to
be until I realised that it just wasn't needed.
The second means
-
From: Devdas Bhagat [mailto:[EMAIL PROTECTED]
Sent: 10 June 2003 03:38
To: [EMAIL PROTECTED]
Subject: Re: Firewall configuration statistics
On 07/06/03 00:42 +0100, Des Ward wrote:
snip
Is a firewall misconfigured if someone hacks through the web application
layer? No, the firewall allows http
I would disagree with what has just been said.
If a risk analysis has been done to determine the risks to your
organisation, and the firewall stops those risks identified, then the
firewall is configured correctly at that moment in time.
The key phrase is 'at that moment in time'.
There are
Basically, you're going to have to get a machine with three NICs. The
purpose of a DMZ is to segment machines from your internal network whilst
still providing protection for them.
Any other solution will just not give you the right balance of security.
Sorry
-Original Message-
From: