> -----Original Message-----
> From: John Nanas [mailto:JohnNat_private]
> Sent: Tuesday, July 13, 1999 10:15 AM
> To: firewall-wizardsat_private
> Subject: Scanner and Firewall?
>
>
> Hi all-
>
> Sorry for the simple question, but I'm still relatively new at this, and all
> the reading I could do didn't fully answer my question.

I'm pretty new too, but I can help with some issues; I assume others will
correct any mistakes.

>
> I'm designing a new network which my company will be co-locating offsite.
> I've spec'd out all the good stuff, including a FW-1 box to protect the
> network, but find myself facing this question - do I need scanning software
> in addition to the firewall? I know that FW-1 has pretty comprehensive
> software (much more than I've taught myself to use, thus far) with all the
> logging, but do I gain something by adding another scanner to the firewall
> box?

If, by scanner, you mean IDS, the best way to judge that is to evaluate the
cost of attempted intrusions. I run an IDS behind my firewall host to make
sure that my policy is being applied properly. I do not run an IDS outside my
firewall, as I do not have the time to check every ping sweep or BO scan
anyway; however, ideally I think that's a pretty good idea.

If, by scanner, you mean some sort of vulnerability scan, then yes, I think
periodic scanning of your hosts from both inside and outside your network
borders can help a) identify what a potential intruder would see and
b) determine whether you can detect these casual scans, which are often the
first stage of an actual attempt. Again, you need to figure out first how
much you are willing to spend (which usually means attaching a dollar amount
to security, which has always been the hardest part of the job for me).

>
> Also, does anyone know if there's a book that's accepted as the bible of
> network security (or Internet security)? I've seen a few texts, but some of
> what I've seen thus far are only applicable to Unix networks (which, I have
> the unfortunate position of being in an all NT shop) or are somewhat
> outdated..
>

Network security is network security; the only difference between OS's
ultimately is the specific exploitable weaknesses (imo, perhaps others will
disagree). And since those change, your best bet is to subscribe to an NT
mailing list. I recommend ntbugtraq and ntsecurity (go to www.ntbugtraq.com).
There are also a couple of good white papers on "hardening" an NT box (haha,
I know, but it DOES help), one from Trusted Systems, which may help you. The
biggest hassle with NT security, though, is the lack of "open" discussion;
witness the paranoia that surrounds the disclosure of a new bug in the NT
world. As I said though, I have found concepts from the Unix world to be very
helpful in the NT world, the only difference for me being in the specific
weaknesses to address. The white papers I referred to can be found at
www.microsoft.com/security.

HTH
--
Henry Sieff
Netwerküberkommander
Orthodontic Centers of America
(504) 834-4392 ext.135

> Thanks for any help,
> John Nanas
> Network Systems Engineer
> The Princeton Review
>
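As an added illustration (not part of the thread or of either poster's material), the following Python script shows the two checks the reply describes, run over constructed log lines in a simplified, made-up firewall log format rather than real FW-1 output: outside the firewall, spotting a ping sweep and a probe of the classic Back Orifice port; behind it, confirming that accepted connections match the intended policy. The addresses, the allowed-policy set, and the sweep threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample log lines (simplified, made-up format; not real FW-1 output).
# Fields: time action src dst proto dport
SAMPLE_LOG = """\
10:15:01 drop   203.0.113.9  192.0.2.1  icmp 0
10:15:01 drop   203.0.113.9  192.0.2.2  icmp 0
10:15:02 drop   203.0.113.9  192.0.2.3  icmp 0
10:15:02 drop   203.0.113.9  192.0.2.4  icmp 0
10:15:02 drop   203.0.113.9  192.0.2.5  icmp 0
10:15:03 drop   203.0.113.9  192.0.2.6  icmp 0
10:15:10 drop   198.51.100.7 192.0.2.10 udp  31337
10:15:10 drop   198.51.100.7 192.0.2.10 tcp  31337
10:15:20 accept 198.51.100.8 192.0.2.10 tcp  80
10:15:21 accept 198.51.100.8 192.0.2.10 tcp  25
10:15:22 accept 198.51.100.8 192.0.2.11 tcp  139
"""

# Assumed intended policy: (dst, proto, dport) triples the design says may be accepted.
ALLOWED = {("192.0.2.10", "tcp", 80), ("192.0.2.10", "tcp", 25)}
SWEEP_THRESHOLD = 5  # assumed: one source hitting this many distinct hosts is a sweep


def parse(log):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log.splitlines():
        t, action, src, dst, proto, dport = line.split()
        events.append({"time": t, "action": action, "src": src,
                       "dst": dst, "proto": proto, "dport": int(dport)})
    return events


def find_sweeps(events, threshold=SWEEP_THRESHOLD):
    """Sources whose dropped ICMP probes touched >= threshold distinct hosts (ping sweep)."""
    hosts = defaultdict(set)
    for e in events:
        if e["action"] == "drop" and e["proto"] == "icmp":
            hosts[e["src"]].add(e["dst"])
    return {src: len(d) for src, d in hosts.items() if len(d) >= threshold}


def find_bo_probes(events, port=31337):
    """Sources probing the default Back Orifice port, on any protocol."""
    return sorted({e["src"] for e in events if e["dport"] == port})


def policy_violations(events, allowed=ALLOWED):
    """Accepted connections outside the intended policy: the rulebase drifted from the design."""
    return [(e["src"], e["dst"], e["proto"], e["dport"]) for e in events
            if e["action"] == "accept" and (e["dst"], e["proto"], e["dport"]) not in allowed]
```

The third check is what an IDS placed behind the firewall gives you: an accept that the policy never intended shows up as a rule problem rather than an attack.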
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:15 PDT