RE: CRIME Software firewall recommendations

From: Andrew Plato (aplato@private)
Date: Mon Jun 02 2003 - 23:52:48 PDT


Since most organizations are not in a position to lock up their Windows users, the obvious addition to this solution is to harden the remote system, use a good anti-virus solution and host-based intrusion detection/protection. This will greatly lower the risk of trojans, spyware, and remote hacking.

Ideally a centrally managed host-IPS solution should be used. Also, host-IDS/IPS is not the same as a "personal firewall." Personal firewalls do firewalling and application controls, which is not enough. A good host-IPS solution monitors traffic and system events for known attack patterns and suspicious activity as well as firewall and application controls.

Had IBM been running a host IPS like RealSecure or Okena (my faves) they would not have gotten such a bad Code Red infection. Host IPS could have automatically blocked the attack without any user intervention required. It would have prevented initial infections and contained the spread of infections on systems not running host-IPS.

___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

Enterprise Security &
Infrastructure Solutions

503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________

-----Original Message-----
From: Crispin Cowan [mailto:crispinat_private]
Sent: Mon 6/2/2003 9:37 PM
To: Nick Murphy
Cc: crimeat_private
Subject: Re: CRIME Software firewall recommendations

The main actual risk factor here is in allowing a Windows user to have
any kind of remote access through your firewall, even if it is done with
a direct dialup connection using a highly secure call-back modem. The
common failure mode is that the dufus ^W windows user will go surfing
the Web, download some trojan or virus of some kind, and then infect the
internal LAN when they connect.
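
An added illustration (not from this post, nor from RealSecure or Okena) of the kind of known-attack-pattern matching a host-IPS applies to traffic or web-server events: it scans constructed IIS-style log lines for the public Code Red request shape (a GET for the /default.ida ISAPI handler with a long single-character filler run) plus a length heuristic, and returns a block/allow verdict per client.

```python
import re

# Constructed sample of IIS-style log lines (date time client-ip method
# uri-stem uri-query status). Lines 1 and 3 mimic the public Code Red
# request shape: /default.ida with a long filler run of 'N' (Code Red I)
# or 'X' (Code Red II) ahead of the overflow data.
SAMPLE_LOG = """\
2003-06-02 21:40:01 10.0.0.7 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090 404
2003-06-02 21:40:02 10.0.0.8 GET /index.html - 200
2003-06-02 21:40:03 10.0.0.9 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090 404
2003-06-02 21:40:04 10.0.0.10 GET /products/list.asp id=42 200
"""

# Signature rule: the Code Red family hits /default.ida with a long run of
# one filler byte. Matching on the run, not the exact payload, also catches
# minor variants.
CODE_RED = re.compile(r"GET\s+/default\.ida\s+(N{20,}|X{20,})", re.IGNORECASE)

# Heuristic rule: an oversized query against any .ida/.idq handler is
# suspicious even when the filler character changes (assumed threshold).
LONG_IDA_QUERY = re.compile(r"GET\s+/\S+\.id[aq]\s+(\S{200,})", re.IGNORECASE)


def classify(line):
    """Return ('block', reason) for a line a host-IPS would drop, else ('allow', '')."""
    if CODE_RED.search(line):
        return "block", "signature:code-red"
    if LONG_IDA_QUERY.search(line):
        return "block", "heuristic:long-ida-query"
    return "allow", ""


def scan_log(text):
    """Classify every well-formed line; returns a list of (client_ip, verdict, reason)."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:  # skip truncated or malformed records
            continue
        verdict, reason = classify(line)
        results.append((fields[2], verdict, reason))
    return results


if __name__ == "__main__":
    for ip, verdict, reason in scan_log(SAMPLE_LOG):
        print(f"{ip:10} {verdict:5} {reason}")
```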
    This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 00:19:24 PDT