Hi Sonny,

> Have you had experience with any of the ISS products?

Yes, I had the chance to take a peek at a few of their products a year ago.

> I would have to say that if your budget (or your provider's budget) could
> handle the strain of a full commercial security installation, then I would
> argue that you CAN stop intruders.

With the right budget and right tools you can make it quite difficult for someone to get to your assets. The more time, effort and money you invest, the more likely it is that you can stop intruders. But there will always be that lucky guy with a 0-day exploit at hand (or make it a 60-day exploit when you look at how long it takes Sun to roll up patches) and then you're screwed nonetheless - despite all precautions. That can happen to someone who uses ISS to monitor the firewall or IDS streams as well - it's just less likely, but still possible.

However, most hosting shops operate on a tight budget, so you'll hardly find the latest and greatest security appliances there. I don't say that anything is better than nothing, but it's better to have some precautions in place than nothing at all. Something along those lines.

> If you were going to try to utilize opensource security countermeasures
> only, then the answer is probably that you get what you pay for.

Many (if not most) great security tools are open source software. If someone can make use of 'em properly, then there is no need to pay an arm and a leg for professional support. If a company rolls up open source software in a way that a person with no (or modest) Linux skills can make use of 'em, then that's a good start. It's not perfect, but a good start. If you can afford professional 24/7 support and monitoring, then that sure provides you with even better security - at a price. It's good that there is so much choice to pick whatever suits your budget and your needs best.

> Some simple tips would be:

Nice outline.

I for myself use the multi-layered approach, which includes monitoring on the servers themselves (integrity & IDS), dedicated firewalls, honeypots, network sniffers, VPNs and the like. Some of it is cobbled together with open source software, some is proprietary soft- or hardware from various vendors. A properly planned and carefully designed network also helps to tighten up security, and the last line of defense is of course having backups - just in case. ;o)

> hehe one of my colleagues just suggested that if your customers were
> only active during the day, then why not shut off your server at
> night??..... wicked security stuff now

Well, then you hopefully have a secondary MX which queues the incoming emails at odd hours. ;o) But yes, for a small office which just needs connectivity during the office hours it's sure best to drop the connection once it is no longer needed. That depends on their specific needs.

> Lastly, the aim is to make your attacker jump through as many hoops as
> it takes for him/her to get bored, or for the time it takes one of your
> security systems to notice him/her and shut down the first hoop,
> reroute the second hoop and block the third and fourth hoop from
> accessing your server and send you a nice message saying sleep tight,
> all is well here - all without spending too much money, wasting too
> many hours, and still giving your customers good service!

As there will never be enough security, the goal is to lengthen the time which an intruder needs to get to the crown jewels. So it is all about buying time - enough time that you (or your security measures - whatever they are) detect the intrusion attempt before any actual damage is done. I'd rather have one toying with the honeypot than with the actual servers. Which can also be quite educating, as I learned some nice (new?) tricks from the honeypot logs. ;o)

--
With best regards,

Michael Stauber

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
