The best approach is always to use as many scanners as possible, if you
want to do automated vulnerability scanning. SAINT/SARA et al should be used
in conjunction with Nessus.
Once you have a list of all open ports/services, I'd recommend that you
build up a list of the software and versions
Hi Al,
The point indicated by Volker Tanger is an important one.. i.e. the last
sentence of the Network Computing review.
Automated Vulnerability scanners, whilst being useful for shorthand, a
quick look, are not terribly clever. They are certainly not as clever as
the guy who might be trying
Pen Test teams are not a solution for providing security. While
many companies do pen tests ('proof-of-concept' in a sense) and
vulnerability analyses (snapshots of security posture at a point
in time), to ensure that one keeps the bar high-enough, it is much
more important to develop security
Title: Penetration testing of non-routable networks
The recent discussion about finding useful penetration tools got me to thinking.
As I understand it penetration tests against non-routable networks, that is networks behind a firewall that use a single IP address, (usually the Firewall
OK, You are saying that your firewall uses NAT implementing single IP
Address Resolution. This means that servers on the internal network that
run services that are available from the external network (or internet)
appear to have the same IP as the external interface of the firewall.
Let's say the
-
Andrew Thomas
office: +27 21 4889820
facsimile: +27 21 4889830
mobile: +27 82 7850166
"One trend that bothers me is the glorification of
stupidity, that the media is reassuring people it's
alright not to know anything. That to me is far more
dangerous than a little pornography on the
The lucent LMF has a proxy agent that does mail and content filtering using
the Trend product suite.
We're looking at it at the moment and it's had some good reviews in the
press.
The proxy agent runs on a server independent to the firewall, thus taking
processing away from the firewall.
Hello all.
I have a problem with a Cisco PIX firewall. Version 5.1(1)202
On the Cisco secure I have few rules regarding timers :
- Start Hour.
- Stop Hour.
- Authentication idle timer.
- Authentication absolute timer.
The two first timers are applied on users. They can't connect through
the
Where can I get reviews of Sunscreen SPF-200 ?
NOTE: Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this message (or responsible
for delivery of the message to such person), you may not copy or deliver
this message to anyone.
I have to say that it is a pretty sad state of affairs when a mailing
list that is dedicated to IT security issues falls foul of this type of
problem.
Is there any need to allow attachments on this forum?
I assume that there is some form of content analysis performed on the
traffic through
On Tue 2001-02-13 (11:03), [EMAIL PROTECTED] wrote:
I have to say that it is a pretty sad state of affairs when a
mailing list that is dedicated to IT security issues falls foul of
this type of problem.
that's not a problem of this list but may be a problem of people on
this list unable to
just for your amusement:
[EMAIL PROTECTED] triggered three
instances of this sent to me:
Trend SMEX Content Filter has detected sensitive content.
Place = [EMAIL PROTECTED]; ;
Sender = Helmut Springer
Subject = Re:
Delivery Time = February 13, 2001 (Tuesday) 07:08:05
Policy = Sexual
Actually that message was very useful to me. It gave me early warning about the virus
by showing that it leaked through our email anti-virus and the code gave me some
strings to scan for on our IDS.
As a security professional, I never execute anything I get in email, but I do
examine it
Que?
I was not complaining about the e-mail informing us that it was a 'nasty
little script'. I was highlighting the point that a mailing list whose
focus is IT Security was used to proliferate malware.
Let me see if I have you straight here. OK it's nice to see the A.V. and
content analysis
Most Virus Protection software worth a tinker's damn checks the *contents*
of the zip file...
The way we transfer .vbs is, as you say, changing the extension to .txt
before attaching it.
Dan
-Original Message-
From: Noonan, Wesley [mailto:[EMAIL PROTECTED]]
Sent: Tue, February 13, 2001
Not sure what you were trying to show from that link?
David Ishmael, CCNA, IVCP
Senior Network Management Engineer
Windward Consulting Group, Inc.
Phone: (703) 283-7564
Pager: (888) 910-7094
eFax: (425) 969-4707
Fax: (703) 351-9428
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
I only meant that I use debug.
--
From: Gibson, Brian
Sent: 13 February 2001 15:42
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE:
Just curious but what exactly is the inherent risk in
"Noonan, Wesley" [EMAIL PROTECTED] said:
Blocking all .vbs seems like a little overkill to me...
Why is it overkill? From a security standpoint running an unknown executable is an
open invitation to disaster. I know there is great utility in automatically running
executables, but it is
ftp requires a specific ftp proxy. try the suse proxy suite.
a generic proxy may not work since there are two channels
in an ftp connection.
At 12:36 08/02/01 -0500, David Ishmael wrote:
Hey there gurus! I've got a RH Linux server I'm using as a firewall with
IPCHAINS and I've added a free/open
Just an interesting note here and maybe a request for feedback. I first
found the virus yesterday after I got back from lunch and had something like
10-15 e-mails from the users here in my office... all the virus. Four users
here had opened the attachment before I could stop them. Since I had
Otto Goencz wrote:
There isn't anything what can not be red in any advocacy group, just can't
resist joining in..
Your mileage seems to be different from mine, I have NT servers with
applications running a lot longer than 2 weeks. From my perspective your
claim is totally false. Not
Ian Campbell wrote:
I realise we have enough threads off topic at the moment, but how is
everyone going with the kournikova virus? As you can see below, it's on the
move in a big way. Amazing thing is that there seem to be lot of sites out
there with no scanning on their firewall or mail
Nigel,
#On to firewalls/anti-virus Does anyone know any _really_ good
#application proxy firewalls which can strip certain emails with known
#content, before they reach the mail server? With or without signature
#updates
The Sidewinder firewall (www.securecomputing.com) has some pretty
well, i guess this is on topic: a mail firewall.
i've been using and deploying a sendmail screen using procmail as a
filtering agent with great success. basically some mods to this:
http://www.impsec.org/email-tools/procmail-security.html
works like a champ. stops these situations dead in
If you are running a firewall, you can run content security scanners like eSafe
and strip script code from attachments etc. I think some of these products
integrate with exchange as well.
My Exchange admin says there is a $500 tool that works with exchange
and strips all VBS code from
This is not an "official" endorsement, but I use the McAfee VirusScan
product, and it caught every one of my virus attachments yesterday without
any patches or updates.
For what it's worth...
-bill
At 11:43 AM 2/13/2001 -0500, Matt Rogghe wrote:
Just an interesting note here and maybe a
I think that your original email was a bit harsh. This is a public list
that any one can choose to join and lurk on.
Just because they joined, don't make them a seasoned professional.
But, I do agree that this list shouldn't allow attachments. It's convenient
to see v-cards, but I don't think its
I would like to put an ftp server behind a PIX (in a
DMZ) and have a few questions. What code level (PIX
IOS) is safe for this? I've seen posts that say 5.2.4
(I think, please correct me if i'm wrong) had some
problems with flooding pasv ftp connections, not to
mention the other ftp problems had
We've been using Trend Micro (http://www.antivirus.com) ScanMail for
Exchange with no problem for almost 2 years. We automatically update the
virus pattern and have had no problem with the latest viruses, including the
one you mention. We've configured the real time scanner to delete
automatically
Antigen from Sybari.
http://www.sybari.com/home/
Conrad Schellenberg
[EMAIL PROTECTED]
Comark Inc.
Phone (204) 633 1886 ext. 204
fax (204) 694 9689
Reply Separator
Subject:RE:
Author: "Matt Rogghe" [EMAIL PROTECTED]
Date: 2/13/2001
Didn't bother my Outlook Express either.
-ME
- Original Message -
From: "Dave Horsfall" [EMAIL PROTECTED]
To: "Firewalls List" [EMAIL PROTECTED]
Sent: Monday, February 12, 2001 9:45 PM
Subject: Re: FW: Here you have, ;o)
On Tue, 13 Feb 2001, Ian Campbell wrote:
I realise we have
"Noonan, Wesley" [EMAIL PROTECTED] said:
I don't disagree that we will continue to see the problem.
Here is where I think it is overkill. Security isn't everything, and it sure
isn't the only thing. Someone once told me "security that hampers work is
not security". That is such a true
Matt,
I must say that our Trend Micro Exchange-aware virus scanner (Scanmail, I
believe) detected the virus sent to this list yesterday. I dare say that
not a one of these viruses made it through to our Internal network, but I do
know that if it did miss it coming in, when it does a full scan
modprobe ip_masq_ftp
will work on any kernel that has the masquerading modules installed ...
- Original Message -
From: "mouss" [EMAIL PROTECTED]
ftp requires a specific ftp proxy. try the suse proxy suite.
a generic proxy may not work since there are two channels
in an ftp
On Tue, 13 Feb 2001, Matt Rogghe wrote:
non-delivery if it was genuine business) cleaned off the PC's and then
re-connected the server. Now, I work in a small office (~25 users) so I can
do this sort of thing with impunity where some of you guys in bigger
installations probably can't,
On Tue, 13 Feb 2001 [EMAIL PROTECTED] wrote:
Where can I get reviews of Sunscreen SPF-200 ?
SunScreen SPF-200 is history.
SunScreen Secure Net 3.1 isn't. It can do both routing and stealth
firewalling + + included VPNs.
It's actually performing better and is less bloated than Checkpoint
FW-1,
I would recommend trend anti-virus software. http://www.trend.com
The software is centrally controlled by TVCS. This central management allows
software auto updates every hour to all trend products.
That's 800 PC's, 5 Exchange servers, 30 NT servers.
Most importantly it does crash NT servers and
Beyond the question of who opened what with what
This virus affects /only/ users of Microsoft Outlook who /have not
applied the vendor patch from (what appears to be) June 7,
2000/. Folks, we are security professionals here. If a vendor supplies
a security patch, why would we not apply it?
Getting back to Firewalls.
Trend's InterScan VirusWall (Internet Email/FTP scanning software) has a
plug into checkpoint firewall-1 using checkpoint's CVP.
Has anyone used this combination?
Richard Taylor
Network Administrator
Thomson Legal Regulatory Group.
[EMAIL PROTECTED] mailto:[EMAIL
DON'T CONNECT TO YOUR FIREWALL!!!
HAVE THE TERM SERVER DO ITS AUTHENTICATION (pass radius or tacacs info to the
firewall) AND THEN HAND THE CONNECTION TO THE FIREWALL AS IT IS THE TRUSTED
HOST - NOT THE DISTANT END PC's.
netsec rule 101...
you can't trust anybody you don't know...
do not allow
I don't disagree that we will continue to see the problem.
Here is where I think it is overkill. Security isn't everything, and it sure
isn't the only thing. Someone once told me "security that hampers work is
not security". That is such a true statement. Security like that is just as
bad as the
On Tue, 13 Feb 2001, Matt Rogghe wrote:
short while back and again yesterday and was discouraged to note that not a
single one would identify the Kournikova virus unless you had updated the
software with a patch released sometime yesterday
I block EVERY vbs attachment, regardless of its
1. None, you can download free TACACS+ software (can't remember what it's
called) and install it on any Unix box. The config file is a flat file for
mine that is pretty straightforward.
2. http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sctplus.htm
Cisco ACS provides both RADIUS and TACACS+ for Cisco and other vendors'
hardware (IETF), follow this link for more info,
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/ (Watch wrap) The web
interface is quite useable, and it integrates well with NT domains, keys off
Grant Dial in Permissions.
On Tue, 13 Feb 2001, Noonan, Wesley wrote:
Here is where I think it is overkill. Security isn't everything, and it sure
isn't the only thing. Someone once told me "security that hampers work is
not security". That is such a true statement. Security like that is just as
I've got another
Mikael,
Talk to your "friend" again (or read the e-mail message that I sent to the
list). The original e-mail message did not contain any reference BY ME to
your product or service.
My e-mail message was addressing criteria that I have encountered as to how
customers evaluate firewall
Brian Ford wrote:
Talk to your "friend" again (or read the e-mail message
that I sent to the list). The original e-mail message
did not contain any reference BY ME to your product or service.
My e-mail message was addressing criteria that I have encountered
as to how customers
That's quite true Wes. I have always taken it that Security is about
lowering risks to the most minimal, whilst having as little impact as
possible on communications and business. Total security would require most
servers (for example) to be so watertight that nothing could get in - even
I have not seen other responses to this, so
You seem to be asking for a system that uses a single IP address to the
outside world, then translates incoming packets to an internal IP address
scheme. There are Internet RFC's covering portions of this. The system is
called Network Address
Let's say there are 3 sites in serial, i.e., A -- B -- C. Each site has its
own subnet and Check Point VPN-1. Can I setup a continuous VPN using Check
Point VPN-1 starting from A and ending at C?
Any pointers are appreciated.
Ivan
Michael;
If these sites use L3 switches, would VLAN provide the same level of
security as VPN?
Thanks,
- Original Message -
From: "Michael Batchelder" [EMAIL PROTECTED]
To: "Ivan Fox" [EMAIL PROTECTED]
Cc: "Firewall-Wizards@Nfr. Net" [EMAIL PROTECTED];
"Firewalls@Lists. Gnac. Net"
inline
-Original Message-
From: Ray [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 18:06
To: Matt Rogghe
Cc: '[EMAIL PROTECTED]'
Subject: RE:
On Tue, 13 Feb 2001, Matt Rogghe wrote:
short while back and again yesterday and was discouraged to
note that not a
inline
-Original Message-
From: Hedges, Nigel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 19:22
To: Noonan, Wesley; '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: FW: Anna Kournikova virus information - Please Read
That's quite true Wes. I have always taken
On Wed, 14 Feb 2001, Noonan, Wesley wrote:
I block EVERY vbs attachment, regardless of its content. I have never
ever seen a valid reason for sending a vbs attachment. Can
anyone think
of one? The same goes for other dangerous extensions: .js,
.vbe. etc...
Sure.
Hey Ray, can
Greets Paul, Ben,
For most networks there is no reason to see these on the wires:
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
192.0.0.0/24
223.255.255.0/24
255.255.255.128/25
127.0.0.0/8
128.0.0.0/16
This is by no means a complete list, but something useful to apply to
borders.
cheers,
It is a bi-directional thing so there is nothing like a serial connection
from A to B to C. For A to talk to C it has to be there in the VPN policy.
For A to talk to B you will have to set an IPSec peer IP of B.
For A to talk to C you will have to set an IPSec peer IP of C.
Then on B set A and
The general answer is that VLAN's aren't security tools, while VPN's are
(flawed tho they may be, in their current implementations). It's
particularly bad if you vlan (yep, it's a verb, now :) in such a way as
to have vlans that sit on both sides of a firewall, so that if a vlan
can be jumped, a
On Tue, 13 Feb 2001, Ivan Fox wrote:
If these sites use L3 switches, would VLAN provide the same level of
security as VPN?
throwing a layer 3 VLAN on it may not be a bad idea, but as long as you're
setting stuff up using a crypto tunnel is a wise idea. you don't know what
will come out that