On Wednesday 20 September 2006 08:47, Andrew Cameron wrote:
> No ports need to be open at all on a B4H firewall.
> The more ports you have open the bigger chance of getting hacked.

Yeah. Ideally, you just cut the cable that connects you to the Internet. Then 
you can (almost) rest assured ...

Seriously:
- no VoIP in your practice?
- no remote access (e.g. SSH ?)
- no pathology downloads (or do you just poll them from mailboxes like I do)?

There seems to be this weird belief that ports have some magic property - if 
they are open, intruders can walk nilly willy into your rooms, and if they 
are closed, nobody can ever enter.

Think of your port as a phone number that has been published. If the port is 
open, you have plugged your phone in and it can ring if somebody rings you - 
no more.
If you have a stupid defective phone that gets automatically off the hook at the 
first (silent) ring and sets itself into handsfree mode, you have a problem - 
the equivalent of defective application software listening on an open port.
If you have an old fashioned phone with no buttons, not much can happen even 
if it is connected.
If you have a highly sophisticated one with dozens of macro buttons and 
bluetooth handset forwarding - a lot more can happen, especially unexpected 
or unintentional things - as with complex application software.

What you suggest is two things:

a) I don't plug my phone in, so nobody nasty can ring me. Correct - but there 
are cheaper paperweights. You don't want a phone in the first place.

b) You believe just because your number is not in the white pages, nobody 
nasty will ring you. Surprise, surprise - telemarketers probably don't even 
know white pages exist for all they care, they ring systematically through 
number blocks.

> Quote from horst "*behind* it (not in front of it) and catch & report
> what comes through that shouldn't have"
>
> Did you really mean to say that, that way ???
> Nothing comes thru my firewalls I don't want. Too late once it's thru.

Welcome to reality. One day it might hit you like a train, so better watch 
out.

If you actively participate on the net, you will have two way network traffic.
Even if you don't have any ports open, you can get hacked - enough just 
pointing the MSIE browser to the wrong site, or using MS Outlook/Outlook 
express and receiving the wrong mail. In like Flynn, they say.

One way or another, one day *something* might get active from *within* your 
network. How it came to be is primarily irrelevant until you have detected 
the problem in the first place.

> Checking daily ?
> Why ?

See above. But continue to sleep, since it obviously does not worry you.
I do not know of a single practice I visited in recent times that did not have 
*multiple* malware on at least one of their computers, and *none* of them had 
realized it. Not one of them. All just drop their jaws and bulge their eyes, 
and most have just been lucky that the intruders had no interest whatsoever 
in their data, just in their capacity as mail relays, FTP servers for all 
sorts of things, IRC bots, or just slave platforms for further attacks. They 
all think just because they have this Norton's Nonsense or whatever 
installed, nothing bad will happen to them. 

Either you check, or you don't want to know. Which is it?

> And what doctors do you think have the time besides yourself ?

I am administering 17 such machines in about 10 minutes per day - it is all a 
question of proper configuration and proper monitoring tools. If you have 
scripts that skim through logs for you and you know what they are supposed to 
look for, it is a piece of cake.

What takes time is supporting application software, configuring software, 
setting up users etc., which is why I don't do that myself. But *monitoring* 
security does not take time. It *saves* time. Plenty of it.

> We are talking about surgery firewalls here aren't we ?

Not the 17 servers I mentioned, but yes - if your practice is connected to the 
Internet and you don't bother monitoring from within and at least checking 
your (script summarized) logs once daily, you are on a blind run through a 
minefield. 

Are you religious? I myself prefer not to rely just on faith and prayers when 
confidential data that has been entrusted to me is at stake.

Horst
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
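
The kind of log-skimming script the message describes, as an added example that is not part of the original post: it summarizes traffic leaving the LAN that should not exist (SMTP from a workstation, IRC, unlisted ports). It assumes the firewall logs forwarded packets in netfilter LOG format; the LAN range, mail server address, allowed ports and the `EGRESS` log prefix are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumed site policy (hypothetical values, not from the original post)
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")  # only host allowed to send SMTP
ALLOWED_OUT = {53, 80, 443}                         # ports any LAN host may reach
IRC_PORTS = range(6660, 6670)

# Constructed sample, trimmed to the netfilter LOG fields this script reads
SAMPLE_LOG = """\
Sep 20 03:12:01 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25
Sep 20 03:12:07 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25
Sep 20 03:12:08 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1046 DPT=25
Sep 20 03:14:30 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.66 PROTO=TCP SPT=2210 DPT=6667
Sep 20 03:15:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=1050 DPT=443
Sep 20 03:15:40 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.1 PROTO=ICMP TYPE=8 CODE=0
Sep 20 03:16:00 fw sshd[311]: Accepted publickey for admin from 192.168.1.5
"""

def classify(fields):
    """Return a reason string if this logged packet breaks the egress policy, else None."""
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
        port = int(fields["DPT"])
    except (KeyError, ValueError):
        return None                      # not a TCP/UDP packet line, or malformed
    if src not in LAN or dst in LAN:
        return None                      # only traffic leaving the LAN is of interest here
    if port == 25:
        return None if src == MAIL_SERVER else "SMTP from non-mail host"
    if port in IRC_PORTS:
        return "IRC"
    return None if port in ALLOWED_OUT else "unexpected port %d" % port

def summarize(log_text):
    """Count policy violations per (internal host, reason) for a daily report."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        reason = classify(fields)
        if reason:
            hits[(fields["SRC"], reason)] += 1
    return hits

if __name__ == "__main__":
    for (host, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{host:15} {reason:25} {n}")
```

An empty report is the normal case; any line in it names an internal host to inspect.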
