Most companies got hit with the SQL Slammer worm in this manner.
(http://www.cs.berkeley.edu/~nweaver/sapphire/)
Employees (developers) running unpatched SQL Server got hit
when they connected their laptops to the Internet from home.
They activated their VPN to connect to get to work.
BLAM! Company machines get hit.
What was interesting was most companies knew about having unpatched
machines in the internal networks but never got the courage to shut
them down. After learning the hard way, now companies are getting
smarter and shutting down internal ports if they detect via a network
scan that you have unpatched software.
The problem with big companies is that it's hard to notify the owner
when they shut off the internal network port, as the asset tracking
systems are not good and they don't know the human owner at the end of
an internal company jack. So the developer just plugs into another live
jack and the cycle is never ending. I think universities are better at
this problem as they require a username to every MAC address. Maybe we
might see the day of 801.X auth for desktop machines someday.

On another note, anyone have ideas on best ways to handle firewall/ACL
rule mgmt? I don't see people setting up feedback loops, where based on
allow/deny stats people would remove unused ACLs from the network
device. The argument is, some ACLs are only used in DR/Failover so we
don't see stats. My counter argument has been you better do a
DR/Failover test every month else you have no clue on whether DR will
even work ;-) People don't clean up ACLs until their system performance
starts to go down. Oh Why? Oh Why?

Ashish Desai (Logmaster)
-----Original Message-----
From: Avishai Wool [mailto:avishai_w_at_yahoo.com]
Sent: Thursday, February 03, 2005 5:55 PM
To: firewall-wizards_at_honor.icsalabs.com
Subject: [fw-wiz] risk level associated with VPNs?
......deleted....
Thoughts anyone?
Any credible war stories about malware/abuse traveling over VPNs?
Or are the customers right and I'm being paranoid?
(please don't respond that "the customer is always right" :-)
Thanks,
Avishai
=====
Avishai Wool, Ph.D.,
http://www.algosec.com http://www.eng.tau.ac.il/~yash
yash_at_acm.org Tel: +972-3-640-6316 Fax: +972-3-640-7095
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 11 2005
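
Added example, not part of the original thread: a sketch of the allow/deny-stats feedback loop raised in the reply above, comparing rule hit counters from normal operation against counters taken after a DR/failover test. The two snapshots are constructed samples in the style of Cisco IOS "show access-lists" output, and the ACL name, addresses and the three labels are assumptions made for illustration.

```python
import re

# Constructed samples in the style of Cisco IOS "show access-lists" output,
# where an entry that has never matched carries no "(N matches)" suffix.
SNAPSHOT_NORMAL = """\
Extended IP access list EDGE-IN
    10 permit tcp any host 10.0.0.5 eq 443 (15234 matches)
    20 permit udp any host 10.0.0.9 eq 1434
    30 permit tcp host 192.0.2.7 host 10.0.1.5 eq 1433
    40 deny ip any any (882 matches)
"""
SNAPSHOT_AFTER_DR_TEST = """\
Extended IP access list EDGE-IN
    10 permit tcp any host 10.0.0.5 eq 443 (15990 matches)
    20 permit udp any host 10.0.0.9 eq 1434
    30 permit tcp host 192.0.2.7 host 10.0.1.5 eq 1433 (41 matches)
    40 deny ip any any (901 matches)
"""

ACL_RE = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ACE_RE = re.compile(r"^\s+(\d+) (.+?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_hits(text):
    """Return {(acl_name, seq): (rule_text, hit_count)} for one snapshot."""
    hits, acl = {}, None
    for line in text.splitlines():
        if m := ACL_RE.match(line):
            acl = m.group(1)
        elif acl and (m := ACE_RE.match(line)):
            hits[(acl, int(m.group(1)))] = (m.group(2), int(m.group(3) or 0))
    return hits

def classify(normal, after_dr):
    """Label each rule 'active', 'dr-only' or 'unused' from the two snapshots."""
    before, after = parse_hits(normal), parse_hits(after_dr)
    report = {}
    for key, (rule, dr_hits) in after.items():
        base = before.get(key, (rule, 0))[1]
        if base > 0:
            report[key] = "active"
        elif dr_hits > base:
            report[key] = "dr-only"    # only exercised by the failover test
        else:
            report[key] = "unused"     # removal candidate: review with owner
    return report

if __name__ == "__main__":
    for (acl, seq), label in sorted(classify(SNAPSHOT_NORMAL, SNAPSHOT_AFTER_DR_TEST).items()):
        print(f"{acl} seq {seq}: {label}")
```

Rules are keyed by ACL name and sequence number, so the comparison only holds if the list was not resequenced and the counters were not cleared between the two snapshots.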