I don't see how a "host firewall" will help at all. If the info is in
clear text on the wire, a firewall doesn't help. You'd need an
end-to-end, encrypted tunnel for the traffic to pass through, like IPSec
or VPN. The key word is *encrypted*. Even in a switched network there
are all sorts of little games to play such as ARP flooding, or MAC
spoofing. And I'm just assuming the network is even switched. And you
must also consider physical access to the wire.
My philosophy is never trust that wire going into the wall. I think
passing credit card info in clear text on any network is unacceptable.
You need to demand that your vendor provide a secure version of the
product.
-Ray
On Wed, 31 Jan 2001, Fogel, Avi wrote:
> Or just run host firewalls on the selected workstations (@ $100 or less per host)
>
> Avi A. Fogel
> Network-1 Security Solutions, Inc.
>
> >>> -----Original Message-----
> >>> From: Security Related [mailto:[EMAIL PROTECTED]]
> >>> Sent: Wednesday, January 31, 2001 3:02 PM
> >>> To: [EMAIL PROTECTED]
> >>> Cc: [EMAIL PROTECTED]
> >>> Subject: Re: Securing workstations when Firewall isn't an option
> >>>
> >>>
> >>> Depending on the level of security YOU think you need, you also might want
> >>> to configure the switches? to restrict what MAC addresses are allowed to
> >>> come in on a given port and set it to fail-closed. Not foolproof but still
> >>> it "ups" the bar a little.
> >>>
> >>> -ES
> >>>
> >>> -
> >>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> >>> "unsubscribe firewalls" in the body of the message.]
> >>>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Administrator Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=