Good points Laura, and I fully agree with them. One area that is often overlooked when
deploying new servers or services is the architecture itself. Quite often a change in
the network architecture itself can go a long ways in helping secure not only service
itself, but also the internal network in case of a breach. This is not a popular option
though I have found as many see it as too labour intensive or complicated.
Kind regards,
Don
-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------
On Apr 13, "Laura Taylor" <ltaylor_at_relevanttechnologies.com> wrote:
I think it would help if you were a little more specific. Depending on the
application and the operating system, there is a good chance you may use a
difference approach. If the server that is running a Microsoft operating
system you can use automated security templates .inf files to lock it down
so tight that leading scanners will not be able to discover that it is a
Windows box however it is very different if you are talking about a UNIX
server. If you are trying to secure an application, intrusion prevention
works well. If you are trying to secure a DNS server, you use a different
approach than say if you are trying to secure a SQL server. The best bet is
to use a layered approach where you apply security the application, the
operating system, and the infrastructure.
--
Laura Taylor
Relevant Technologies, Inc.
www.relevanttechnologies.com
-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com]On Behalf Of Lazlò
Carreidas )
Sent: Wednesday, April 07, 2004 6:58 AM
To: firewall-wizards_at_honor.icsalabs.com; focus-IDS_at_securityfocus.com;
security-management_at_securityfocus.com
Subject: [fw-wiz] Looking for papers on protecting servers
My fellow experts,
I have been requested to write a document that would describe the different
means to "protect" a specific server in a datacentre (except for the
continuous patching process, of course...)
There are several possibilities (individual or combined):
- firewall as a "datacentre door"
- firewall (kind of "personal") over the server
- good HIDS and NIDS
- some kind of "security agent" that would raise an alert when needed
- etc...
I am looking for opinions, papers, etc... that could help me writing this
document.
Thank you for your help
Lazlò
[Sorry for the multiple post]
__________________________________________________________________
Introducing the New Netscape Internet Service.
Only $9.95 a month -- Sign up today at <a
href='http://isp.netscape.com/register'>http://isp.netscape.com/register</a>
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at <a
href='http://channels.netscape.com/ns/search/install.jsp'>http://channels.netscape.com/ns
/search/install.jsp</a>
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 19 2004
Intro
