As long as you map a drive letter, you are using NETBIOS, either by IP or
name (which is resolved to an IP address to make the connection unless you
have NETBEUI running).
NETBIOS should ***never*** be bound to an interface exposed to the
world, firewall or not. SMTP is tough to exploit, FTP, quite a bit easier,
HTTP is easier still.
If NETBIOS is available on the external interface, then your system is open
to the next smartypants who finds a way to overrun a buffer and execute a
bit of code.
It is quite easy to unbind NETBIOS from a specific NIC, but as long as it is
running, even on the inside only, you have exposed your internal network to
someone who gains control of your server. I agree that layering is the only
way to approach the problem:
- Firewall
- NAT
- Blocked Ports
- Only the absolutely necessary services bound to the external NIC
- only the absolutely necessary services bound to the internal NIC
- Anti-virus software on the server
- anti-virus software on the desktop
- security logging enabled
and #1) MONITOR THE LOGS !!!! At the least, you must be
familiar with the normal size of log files and routine entries. If something
changes drastically, dig in.
This NOS excels at ease of use - an office manager can install and run
it - but requires full attention to security.
----- Original Message -----
From: "Patrick Mathews" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 19, 2001 7:25 PM
Subject: RE: [IMail Forum] Virus Programs
> maybe i'm parsing this wrong... i map drives to the ip addy in a unc format.
> in the map drive dialog i would put \\xxx.xxx.xxx.xxx\c$ or \admin$ or what
> have you, where values for 'x' above are octets of an ip addy.
> [brooklynese mode=on]
> insert disclaimer.h YMMV . i don't 'memba if y' ca' do dis witout netbios
> ova ip, see, da fast way to find out ova heah is ta take dat checky off and
> see if it flies. if it do... yer in like flynn. and dat's dat.
> [brooklynese mode=off]
>
> ok, now let's talk security. i use a NOS from m$, who are famous for their
> statements about their products security. i don't want to anger them, so
> i'll leave it at that...
>
> there are firewalls and there are firewalls. i've seen banks with cisco
> pixes. i like that idea... as for stuff running on a server?
> i dunno. i'm too st00pid to figure out how to run a secure app (like a
> firewall system) on an OS that has more back doors than a garden apartment
> complex. there are a bunch of server based firewalls and stuff. when i'm
> doing security work, i always recommend a 5 tiered approach that includes
> user education.
>
> a firewall without at least ip to ip nat and a proxy and a dmz and some
> sitting down and thinking about what you want secure, and what you don't
> care about is a waste of time and money.
> so as far as server based firewalls go:
>
> schools libraries and such use a thing called fortress. if it was expensive
> and hirsute, i don't think that laypeople would use it.
> there are lots of good security sites. i think i threw a couple of links up
> yesterday, search the archive because other posters to this list know
> security way more than i do.
>
> find a good security list. it's worth it.
> > >I didn't mean to imply that the mail server was using mapped drives, but
> > >rather that its drives were mapped for use by other PCs. In the original
> > >discussion, the suggestion was to have a separate anti-virus PC
> > >scanning the mail server by accessing it through mapped drives. This is
> > >where I objected. Other than that, you and I are in synch.
> > >
> > >Someone told me that it's possible to use mapping without NetBios in an
> > >all-Win2k network. I don't know how that would work, but it
> > >would be nice.
> > >
> > >This entire discussion brings up an interesting point: how do people
> > >configure their public IMail servers to be secure? Does everyone turn off
> > >NetBios, and if so, how do they handle file access (such as copying new
> > >files) to the mail server? If they don't turn off NetBios, what do they do
> > >for protection? Or does everyone not worry about this at all?
> > >
> > >
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
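
Added example, not part of the original thread: a small Python check for the binding advice in the reply at the top of this message. It parses `netstat -an` output and reports NetBIOS/SMB sockets bound to the wildcard address or to any address outside the internal network. The sample output, the addresses and the function name `exposed_netbios` are constructed for illustration; the port numbers are the standard assignments and are not quoted from the thread.

```python
import ipaddress

# NetBIOS name (137), datagram (138), session (139); SMB without NetBIOS (445)
NETBIOS_PORTS = {137, 138, 139, 445}

# Constructed sample of Windows `netstat -an` output (documentation addresses)
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.5:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.5:25         198.51.100.7:4312      ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    203.0.113.5:137        *:*
  UDP    203.0.113.5:138        *:*
"""

def exposed_netbios(netstat_text, internal_nets):
    """Return sorted (proto, address, port) tuples for NetBIOS/SMB sockets
    bound to the wildcard address or to any address outside internal_nets."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        proto, local = fields[0], fields[1]
        # UDP rows have no state column; TCP rows must be LISTENING
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in NETBIOS_PORTS:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # skip bracketed IPv6 forms and anything unparsable
        # 0.0.0.0 means "every NIC", which includes the external one
        if addr.is_unspecified or not any(addr in n for n in nets):
            findings.add((proto, host, int(port)))
    return sorted(findings)

if __name__ == "__main__":
    for proto, host, port in exposed_netbios(SAMPLE, ["192.168.1.0/24"]):
        print(f"{proto} {host}:{port} is bound outside the internal network")
```
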