'[1]Firewalls-Digest V6 #38'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    [1]Firewalls-Digest V6 #38
From:       "Michael Fitz" <michael.fitz () qm ! sprintcorp ! com>
Date:       1997-01-29 12:04:25
[Download RAW message or body]

                      [1]Firewalls-Digest V6 #38                   =
1/29/97

This is an automated response...my Quickmail account is no longer =
operational.  Please resend this message, addressed to my OpenMail =
account (OM). 

Your patience is appreciated as we move to the new system.

------------------------------
Date: 1/28/97 4:11 AM
To: Fitz, Michael
From: Firewalls@GreatCircle.COM

!!! Original message was too large.
!!!
!!! It is contained in the enclosure whose name
!!! is the same as the subject of this message.
!!!
!!! A preview of the message follows:


Firewalls-Digest       Tuesday, January 28 1997       Volume 06 : Number =
038



In this issue:

        Re: Journalism and security.
        Re:  Altavista firewall, configuration help!
        RE: Journalism and security.
        RE: OFF TOPIC: Looking for SNMP Remote Monitoring Companies
        [none]
        [none]
        RE: Journalism and security.
        RE: Journalism and security.
        Re: Securing Web Servers
        Re: FIREWALL-1 User authentication problem
        Re: Journalism and security.
        Re: Virus Scan....
        Firewall - 1 GUI and Filter on seperate comp.

See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.

----------------------------------------------------------------------

Date: Tue, 28 Jan 1997 08:22:25 +1100 (EDT)
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: Re: Journalism and security.

>********************************************************************
>  Thanks for sending the reports.  I think this demonstrates a
further
>  negative with most firewalls today which I probably talk about in
my
>  next firewall review.  That is why should you have to go through
this 
>  type of daily report to try and decifer what is a legitimate threat

>  and what isn't.  The firewall should tell you.  Yes, I know most 
>  firewalls tell you when an actual break has been made, but what
about 
>  having the intelligence to somehow predict the attempt.  Not just
the 
>  known threats, but built-in logic for unknown threats.  I haven't 
>  worked out how one could do this yet, but I'm working on it.
>
>  What do you think?

I deleted the original already, BUT....

if you filter out all the warnings from "known" attack patterns then
all you have left is what you don't know about or recognise.  I'd
hazard a guess that that's what you _really_ want to know about, the
wheat amongst the chaff so to speak.

Darren

------------------------------

Date: Mon, 27 Jan 1997 18:31:34 -0300
From: Ruben Sajnovetzky <ruben@is.com.ar>
Subject: Re:  Altavista firewall, configuration help!

Jose Luis wrote:


> Well, I have installed now, my Altavista firewall for NT version 4.0
> and these are my questions:
>
> 1.- How I can setup ftp proxy?

Take care, all proxys you have on Altavista is from intranet through
internet, not viceversa.

See on proxy's configuration section, you have options for smtp (e-mail)
and http (web), not ftp. You need to define a "generic proxy" but you
can't use standard ftp port (is in use by ftp's firewall itself).

> 2.- The same like above for Telnet proxy!!

The same, you need to define a "generic proxy" with filters by ip
addresses.

> 3.- The same for my Web proxy!

THe same as before.

> 4.- How I can configure the: Hand Held Authenticator?

You need to by the cards, you don't need additional software but you
need the cards.

> I'm relatively new in Firewalls

Welcome :-)
Regs.
Ruben

------------------------------

Date: Mon, 27 Jan 1997 16:56:34 -0500
From: "McMahan, Peg" <PMcMahan@v-one.com>
Subject: RE: Journalism and security.

> >  known threats, but built-in logic for unknown threats.  I haven't 
> >  worked out how one could do this yet, but I'm working on it.
> >
> >  What do you think?
> 
> I deleted the original already, BUT....
> 
> if you filter out all the warnings from "known" attack patterns then
> all you have left is what you don't know about or recognise.  I'd
> hazard a guess that that's what you _really_ want to know about, the
> wheat amongst the chaff so to speak.
> 
I don't think this is what the journalist is trying to get across. They
want the firewall to tell it's OPERATOR what is what. "Hey
firewalladmin! I'm being portscanned right now!" "Hey operator! Someone
is trying to use netcat to flood the syslog!". First off, it's not going
to happen, there's too many unique and configurable utils that will set
off alarms on the firewall.  

They're not talking about separating the wheat from the chaff, they're
talking about making it so that a kindergartner 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic