Re: [LUG] XP and firewalls

[kevin bailey <kevin_bailey@xxxxxxxxxxx>]

hi simon,

thanks for the offer of different windows tools.  the guy i work for is 
pretty much MS only - obviously he makes the spending decisions.  the 
last one was for SBS 2000 which has caused us no end of trouble.  i've 
even said that i refuse to work on setting it up any more - i can set up 
linux solutions which are faster/cheaper/more reliable etc. so messing 
around with SBS seems pointless.

we may have ADSL soon because we want to run test websites and DB's on 
our own server before we send it up to co-located servers.  when that 
happens i will probably get in touch RE security and setup.

on the bright side - we now have a (co-located) cobalt server for our 
latest project - which runs linux/apache/postgresql.  the price has been 
the factor here - windows servers are expensive to rent - but when you 
need a DB as well then it starts to get very expensive.

i read the wired article RE the attack GRC suffered - and it was caused 
because someone with the handle wickd (or similar) thought steve gibson 
had called him a mere script kiddie (which he hadn't).  wickd then used 
474 compromised IIS servers to DOS grc.com

steve got to the root of this by pretending to be another cracker (fixed 
a faulty bot program to gain credibility) and then got into their IRC 
chatroom.  he then did a deal to get them to leave him alone.  it was 
above my level but an interesting read.

if you come across the workaround for MS proxy server again i'd 
appreciate seeing it,

thanks,

kev

Simon Waters wrote:

> kevin bailey wrote:
>
> > he does not refute the fact that there is a security problem - but says
> > that more notice should be taken of other security problems like a
> > recent oracle vulnerability.  i would say that an XP vulnerability will
> > have far greater impact.
>
> I think that is a fair view point of itself. I had a horrid
> thought the other day, if someone writes an Oracle SQL*NET &
> NET8 aware worm that tries the default Oracle passwords, and
> e-mails itself, it could wipe out a substantial proportion of
> company databases.
>
>
> > this one claims that steve gibson is 'loopy' and 'talking bollocks'!!!
>
> Steve went over the top in reference to XP making it easier to
> send spoofed packets.
>
> Sending malformed packets is easy on Linux (for root), but
> Windows has required extra software to do this before, XP will
> make it easier.
>
> Spoofed packets are harder to trace back (in theory, some ISPs
> can trace spoofed packets either than genuine ones as they stand
> out like a straw in a needle factory), so yes Steve is right we
> will see more spoofed packets. But since a virus or worm could
> install the extra code Windows need, it is just making it
> slightly easier, and spoofed packets should be dealt with in
> routers and firewall, not on every desktop.
>
> > i don't think the shields-up probe is supposed to be totally
> > comprehensive - just a first point of checking 
>
> Yes - if you want to secure Desktop PC's there are some really
> good "auditing" tools around. Pretending your the attacker is
> fine for quick risk analysis, and double check, but you aren't
> the attacker, you can run a program on every PC to spot
> misconfigurations. This can reduce support effort as well as
> keep things safer.
>
> Compare running "nmap" against your own box to running
> "netstat".
>
> Nmap shows my port 80 open, netstat shows port 80 is listened to
> by "ip_trap" - so the external view looks iffy, the internal
> view reveals a rosier picture.
>
> > - it showed some closed
> > and one (unecessarily) open port on my works win2k server which was
> > useful because my boss has now allocated some resources to locking the
> > box down.
>
> I can spend that for you ;) I resell some Windows lock down
> software (One of my distributors stocks it as a standard line)
> have to admit I haven't sold any as it doesn't run on Linux ;)
> But if your interested in getting details let me know, and I'll
> get a copy for you to look at.
>
> I use to work with S-to-Infinity, they had some products for
> this as well - really cool registry monitor when making registry
> entries read-only was unusual in Windows. Much more useful for
> actually finding out what things applications did to the
> registry than actually locking it down (Which always breaks
> things).
>
> Not sure if S-to-Infinity is around, I never saw it after NT4
> and they were getting into encrypted document management. Nice
> company though - really good attitude to resellers and
> customers.
>
> > > The grc site has taken a lot of flak since Steve got hit by that script
> > > kiddie and went (IMHO) OTT in his response.
>
> I don't know, if your business depends on the Internet
> connection, and some script kiddie takes it out... Steve never
> made people read his documentation of the experience, and I
> gathered some ideas on better designs for big company Internet
> connections from his experiences!
>
> Steve did make a bit of a pratt of himself in a public flame
> war, haven't we all made a pratt of ourselves on Usenet at one
> point? But Steve's heart is in the right place, he tries to help
> people protect their PC's and tries to make a living doing it,
> if he isn't the greatest ever security guru, well Richard
> Stallman might not be the greatest ever programmer but that
> doesn't mean you wouldn't want him to try.
>
> The only thing worse than to try and fail, is not to try.
>
> > anyway - MS have hacked me off too much recently, especially cos their
> > web proxy server - ISA - looks like it only works for IE.  i have tried
> > to use mozilla and netscape in work because IE keeps crashing my machine
> > but the server refuses their requests.  the poor guys at mozilla are
> > trying to find a way around it - i'm thinking of suggesting that they
> > put up a message to the effect that ISA is not a true proxy server but
> > MS specific only.  people should ask for their money back!!!
>
> I'm sure I've seen a workaround for this - other than urm run
> squid or Apache as the web proxy, or let me sell you a nice
> firewall ;)... Why would one use MS Proxy server, a case of
> 'less' costing 'more'. Trusting any security critical
> application to Microsoft is beginning to look like pretty dodgy
> planning, they clearly aren't interested in security, it doesn't
> sell software ---- "Cool Sells", Bill Gates said so, and he
> should know, he has sold more software than any of us.
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
> message body to unsubscribe.



--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.