HI, your questions are more easy to answer this way ;-)) 1) Yes, they can do more, but I think you received the answer already : Zmbiing (?) your machine to attack some other (DDOS, Going deeper in your network, etc.)
2) What do you precisely mean with 'packet intrainspection?'. Any way, Good and ideal security should encourage you to use a dual- barrel mechanism. So putting a Firewall box, doing some statefull inspection or Proxying, in order to cut the session, should really a second layer. ARe you also restricting outgoing connection? outgoing port blocking for non known port, NBT, known trojan, etc... Regards. Max -----Original Message----- From: apif [mailto:[EMAIL PROTECTED]] Sent: samedi 19 janvier 2002 11:26 To: [EMAIL PROTECTED] Subject: RE: seeking a better understanding I recieved one response to my original post... so maybe I am not in the right conference / newsgroup. If this is so, please let me know. Otherwise, the two following questions would scoot me along to understanding what I need about basic security. Thanks. 1. Given port 80 (and only port 80) is open to the outside world, if someone were to breach that port, could they do more than deface my website? 2. Is a home router that does src port blocking, packet intraspection, and NATing enough, or do I need a middle box running some form of firewall software too? -----Original Message----- From: apif [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 16, 2002 2:25 PM To: [EMAIL PROTECTED] Subject: seeking a better understanding All, Where to begin? I have a home network, and am considering putting in a web server. At this point I am considering the security of it. I suppose the best way to help you in helping me is to tell you a little about me, my network, and how I plan on using this. I'm from a technical background and support MS servers. I have very little experience in Linux, and only a little in security. Security mostly comes from another group in my company. My connection to the internet is DSL. I am planning to upgrade it to a premuim connection so that I can have static IP's. A domain name and DNS registration will be a course of action further down the line. My home network consists of less than 5 boxes, each running varying O/S's. All MS O/S's are running personal firewalls. Other boxes are Linux. I have a netgear R0318 router which is up to date on it's firmware. It supports NATing, packet intospection, and blocks ports except where I specify they should be allowed through. So here is the run down. I'm weak on Linux, but that is what I want to put the web server on. It will run on Apache web software. All machines are behind the router, and all addresses are NAT'd. I would project out port 80 for the Slackware Linux machine, and no others (except maybe FTP at some point unless you think this would not be wise). I currently do not have any A/V software on my linux box (and to be honest, have no idea what sort of A/V to put on a linux box). Now that you have the background, my questions comes down to this. If port 80 is the only port allowed through, and someone chose to attack this port, could they compromise my system, and if so how? What other steps should I take to protect this system? I see IPTables (I guess it replaced IPchains) in slackware. I know this is a firewall, but I don't think it is like the personal firewall I have on MS boxes. I suspect it is more like a full corp class firewall, and probably as complicated. Should I be using this on my Slackware machine? Do you have any suggestions of what A/V software I should use on a linux machine, and do the spot trojans as the MS ones do? Thank you for your time. I'm sorry this was so long. Visit our website! http://www.nbb.be "DISCLAIMER: The content of this e-mail message does not constitute a commitment of the National Bank of Belgium (NBB) except where provided for in a written agreement between you and the NBB or where confirmed with a written form approved according to the internal regulations of the NBB. Besides, the statements and opinions expressed in this e-mail message are those of the author of the message and do not necessarily represent those of the NBB. The e-mail message contains proprietary information intended for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on any part of this e-mail message."
