|
Security Basics
mailing list archives
RE: Network Segregation to prevent spread of malware
From: David Gillett <gillettdavid () fhda edu>
Date: Thu, 24 Jan 2013 00:04:24 +0000
You can't, generally speaking, totally segregate your network without (unacceptably!) crippling legitimate activity.
What you *CAN* hope to do is force SOME traffic, including most non-routine traffic, to traverse a few "choke points"
where your IDS gets to examine and log whatever packets you can't automatically discard as inappropriate.
That can be a big improvement over simply trusting everything that has physically walked into your network to get
intimate with critical internal systems...
David Gillett
CISSP CCNP
-----Original Message-----
From: Rob [mailto:synja () synfulvisions com]
Sent: Wednesday, January 23, 2013 05:07
To: Jerry Bell; listbounce () securityfocus com; tomright006 () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Network Segregation to prevent spread of malware
Additionally, the services commonly used for worm propagation (RDP/TS, RPC, etc) are also used heavily for domain
operations anyway.
For many environments this would be one step forward, two steps back in terms of security.
Rob
Sent on the Sprint(r) Now Network from my BlackBerry(r)
-----Original Message-----
From: Jerry Bell <jerry () riskologist com>
Sender: listbounce () securityfocus com
Date: Wed, 23 Jan 2013 07:07:25
To: tomright006 () gmail com<tomright006 () gmail com>
Cc: security-basics () securityfocus com<security-basics () securityfocus com>
Subject: Re: Network Segregation to prevent spread of malware
Hi Tom,
The answer is 'it depends', but probably no. If you are talking about a classic company network and dividing
workstations into separate networks to prevent cross contamination, you have to consider the pivot points for most
malware - email, file shares, etc, which can still allow malware to propagate between networks even if no traffic is
allowed directly between them. Some kinds of malware, notably worms who propagate directly from one system to another
via some kind of remotely exploitable vulnerability, would be contained by network segmentation, however those sorts of
events are becoming increasingly rare (however when they do happen, they tend to be big events).
Jerry
Sent from my iPhone
On Jan 22, 2013, at 5:33 PM, tomright006 () gmail com wrote:
Hello All,
I need few tips on Network Segregation to prevent spread of Malware. Can I avoid Malware spreading from one network
segment to another just by segregating network with access list or firewalls?
Thanks,
Tom
----------------------------------------------------------------------
-- Securing Apache Web Server with thawte Digital Certificate In this
guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it
benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
42f727d1
----------------------------------------------------------------------
--
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and
who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
