Devon & Cornwall Linux Users' Group

Re: [LUG] XP and firewalls



hi simon,

thanks for the offer of different windows tools. the guy i work for is pretty much MS only - obviously he makes the spending decisions. the last one was for SBS 2000 which has caused us no end of trouble. i've even said that i refuse to work on setting it up any more - i can set up linux solutions which are faster/cheaper/more reliable etc. so messing around with SBS seems pointless.

we may have ADSL soon because we want to run test websites and DBs on our own server before we send it up to co-located servers. when that happens i will probably get in touch RE security and setup.

on the bright side - we now have a (co-located) cobalt server for our latest project - which runs linux/apache/postgresql. the price has been the factor here - windows servers are expensive to rent - but when you need a DB as well then it starts to get very expensive.

i read the wired article RE the attack GRC suffered - and it was caused because someone with the handle wickd (or similar) thought steve gibson had called him a mere script kiddie (which he hadn't). wickd then used 474 compromised IIS servers to DoS grc.com

steve got to the root of this by pretending to be another cracker (fixed a faulty bot program to gain credibility) and then got into their IRC chatroom. he then did a deal to get them to leave him alone. it was above my level but an interesting read.

if you come across the workaround for MS proxy server again i'd appreciate seeing it,

thanks,

kev

Simon Waters wrote:

kevin bailey wrote:

he does not refute the fact that there is a security problem - but says
that more notice should be taken of other security problems like a
recent oracle vulnerability.  i would say that an XP vulnerability will
have far greater impact.


I think that is a fair view point of itself. I had a horrid thought the other day, if someone writes an Oracle SQL*NET & NET8 aware worm that tries the default Oracle passwords, and e-mails itself, it could wipe out a substantial proportion of company databases.


this one claims that steve gibson is 'loopy' and 'talking bollocks'!!!


Steve went over the top in reference to XP making it easier to send spoofed packets.

Sending malformed packets is easy on Linux (for root), but
Windows has required extra software to do this before, XP will
make it easier.

Spoofed packets are harder to trace back (in theory, some ISPs
can trace spoofed packets easier than genuine ones as they stand
out like a straw in a needle factory), so yes Steve is right we
will see more spoofed packets. But since a virus or worm could
install the extra code Windows needs, it is just making it
slightly easier, and spoofed packets should be dealt with in
routers and firewalls, not on every desktop.

i don't think the shields-up probe is supposed to be totally
comprehensive - just a first point of checking



Yes - if you want to secure Desktop PCs there are some really good "auditing" tools around. Pretending you're the attacker is fine for quick risk analysis, and double check, but you aren't the attacker, you can run a program on every PC to spot misconfigurations. This can reduce support effort as well as keep things safer.

Compare running "nmap" against your own box to running
"netstat".

Nmap shows my port 80 open, netstat shows port 80 is listened to
by "ip_trap" - so the external view looks iffy, the internal
view reveals a rosier picture.

- it showed some closed
and one (unnecessarily) open port on my works win2k server which was
useful because my boss has now allocated some resources to locking the
box down.


I can spend that for you ;) I resell some Windows lock down software (One of my distributors stocks it as a standard line) have to admit I haven't sold any as it doesn't run on Linux ;) But if you're interested in getting details let me know, and I'll get a copy for you to look at.

I used to work with S-to-Infinity, they had some products for
this as well - really cool registry monitor when making registry
entries read-only was unusual in Windows. Much more useful for
actually finding out what things applications did to the
registry than actually locking it down (Which always breaks
things).

Not sure if S-to-Infinity is around, I never saw it after NT4
and they were getting into encrypted document management. Nice
company though - really good attitude to resellers and
customers.

The grc site has taken a lot of flak since Steve got hit by that script
kiddie and went (IMHO) OTT in his response.


I don't know, if your business depends on the Internet connection, and some script kiddie takes it out... Steve never made people read his documentation of the experience, and I gathered some ideas on better designs for big company Internet connections from his experiences!

Steve did make a bit of a prat of himself in a public flame
war, haven't we all made a prat of ourselves on Usenet at one
point? But Steve's heart is in the right place, he tries to help
people protect their PCs and tries to make a living doing it,
if he isn't the greatest ever security guru, well Richard
Stallman might not be the greatest ever programmer but that
doesn't mean you wouldn't want him to try.

The only thing worse than to try and fail, is not to try.

anyway - MS have hacked me off too much recently, especially cos their
web proxy server - ISA - looks like it only works for IE.  i have tried
to use mozilla and netscape in work because IE keeps crashing my machine
but the server refuses their requests.  the poor guys at mozilla are
trying to find a way around it - i'm thinking of suggesting that they
put up a message to the effect that ISA is not a true proxy server but
MS specific only.  people should ask for their money back!!!


I'm sure I've seen a workaround for this - other than urm run squid or Apache as the web proxy, or let me sell you a nice firewall ;)... Why would one use MS Proxy server, a case of 'less' costing 'more'. Trusting any security critical application to Microsoft is beginning to look like pretty dodgy planning, they clearly aren't interested in security, it doesn't sell software ---- "Cool Sells", Bill Gates said so, and he should know, he has sold more software than any of us.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
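Simon's nmap-versus-netstat comparison is the core of a simple audit: reconcile the external view (which ports a scanner sees open) with the internal view (which process is bound to which address). The Python below is an added example written for this archive page, not code from anyone in the thread; the netstat and nmap output it parses is constructed sample data, and the process names (ip_trap, postmaster, smbd, sshd) and the 192.0.2.10 address are assumed for illustration.

```python
from dataclasses import dataclass

# Constructed sample of `netstat -tlnp` output on the scanned Linux host
# (not from the original thread; program names are illustrative).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/ip_trap
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      640/postmaster
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      501/sshd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      733/smbd
"""

# Constructed sample of `nmap -oG -` (grepable) output for the same host,
# taken from outside the perimeter. Field layout per port entry is
# port/state/protocol/owner/service/rpcinfo/version/.
NMAP_GREPABLE_SAMPLE = (
    "# Nmap grepable output (constructed example)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "139/filtered/tcp//netbios-ssn///, 8080/open/tcp//http-proxy///"
    "\tIgnored State: closed (996)\n"
)


@dataclass(frozen=True)
class Listener:
    port: int
    bind_addr: str
    program: str

    @property
    def externally_reachable(self) -> bool:
        # A loopback-bound socket is invisible to an outside scanner;
        # anything bound to a wildcard or routable address is exposed.
        return self.bind_addr not in ("127.0.0.1", "::1")


def parse_netstat(text: str) -> list:
    """Extract LISTEN sockets (port, bind address, program) from netstat -tlnp output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles IPv6 ':::80' too
        program = fields[6].split("/", 1)[1] if len(fields) > 6 and "/" in fields[6] else "?"
        listeners.append(Listener(int(port), addr, program))
    return listeners


def parse_nmap_grepable(text: str) -> dict:
    """Return {port: service_guess} for ports nmap reports as open."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            port, state, service = int(parts[0]), parts[1], parts[4]
            if state == "open":
                open_ports[port] = service or "?"
    return open_ports


def reconcile(listeners: list, open_ports: dict) -> dict:
    """Cross-check the outside view against the inside view.

    explained          - open outside, and a known local program owns the socket
    unexplained_open   - open outside, nothing listening inside: investigate
                         (redirect, another netns, or a hidden listener)
    loopback_only      - listening, but unreachable from outside
    exposed_but_unseen - bound to all interfaces, yet the scan did not see it
                         open (probably filtered upstream; still worth fixing)
    """
    by_port = {l.port: l for l in listeners}
    report = {"explained": {}, "unexplained_open": [],
              "loopback_only": [], "exposed_but_unseen": []}
    for port in sorted(open_ports):
        if port in by_port:
            report["explained"][port] = by_port[port].program
        else:
            report["unexplained_open"].append(port)
    for l in sorted(listeners, key=lambda x: x.port):
        if not l.externally_reachable:
            report["loopback_only"].append(l.port)
        elif l.port not in open_ports:
            report["exposed_but_unseen"].append(l.port)
    return report


if __name__ == "__main__":
    result = reconcile(parse_netstat(NETSTAT_SAMPLE),
                       parse_nmap_grepable(NMAP_GREPABLE_SAMPLE))
    for key, value in result.items():
        print(f"{key:20s} {value}")
```

On the constructed data the scanner's "iffy" view of port 80 is explained by ip_trap on the inside, PostgreSQL on 5432 is correctly loopback-only, smbd on 139 is exposed but hidden by upstream filtering, and 8080 is open outside with no local listener, which is the case that deserves a closer look.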
