Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: what should I do when....
From: Adriel Desautels <adriel () netragard com>
Date: Thu, 10 Jul 2008 11:03:40 -0400
Ansgar,
When you say "bullet-proof a system using a firewall" (I think you said that) people understand you to be saying "using a firewall to make a system secure". It is technically very difficult, if not impossible to make a system secure with a firewall device. You can have all of the proxies in the world and control traffic as much as you like, but there's still a way in.
To "bullet-proof" a system you need to address the system's issues directly, if you don't then the system is still vulnerable as it contains vulnerabilities. 

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Ansgar -59cobalt- Wiechers wrote:

On 2008-07-10 Rivest, Philippe wrote:

It is false and the reason is firewall is just a device to protect
from a few vectors of attack. If you want to bullet proof a system you
need to adopt a broader solution.


Bullet-proofing also "just protects from a few attack vectors". Body
armor does not protect you from drowning or falling out of a 20th story
window, nor does it necessarily protect you from attacks with knives,
grenades or various other weapons.


Firewall wont help:
1- physical attack


Physical security may very well be part of a firewall concept. To some
extent at least.


2- session hijacking


Filtering Proxies may also be part of a firewall concept.


3- virus put into a email


E-mail filtering may also be part of a firewall concept.


4- user browsing & install bad software


User browsing can be proxied, the proxy being part of your firewall
concept. Software installation is actually the only thing in your list
that isn't part of a firewall concept.

A firewall is (or can be) far more than a mere packet filter.

Besides, I didn't say that bullet-proofing a system is the same as
firewalling a system, but that both tasks are equally difficult.

Regards
Ansgar Wiechers

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]