Re: Firewall Client Extremely Chatty
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 11:29:06 -0800
"Asher_N" <ashernat@xxxxxxxxx> wrote in message
news:Xns98BA71603A4941203214562@xxxxxxxxxxxxxxxx

> Then get something like SurfControl or Websense. The reporting will give
> you what you need.

I'm not talking about employees reading personal e-mail. I'm talking about
a hacker taking control of an internal machine by doing a reverse IP out of
the network, possibly on a non-standard port.

> ISA's primary function is to protect the network perimeter. It does that
> very well. The underlying assumption is that it will stop a user from
> using a protocol they are not authorized to and allow them those that
> they have access to. What the actual traffic is at that point is none of
> ISA's concern. If you are allowed to use HTTP, ISA really does not care
> what sites you go to.

That's utter nonsense. In addition to implementing a policy for *both*
incoming and outgoing traffic, another primary role of any firewall is to
help its owner characterize all traffic that enters or leaves a network.
That is what a log is meant to do. And when a machine is compromised by a
rootkit virus and hides its own activity from applications running on the
affected machine, it's often the firewall console that is your first
meaningful glimpse into that activity.

> If you don't mind my asking, why are you so paranoid about your outbound
> traffic?

Because 95% of all computer infections start from inside the network. It's
a very difficult thing to penetrate from the outside coming in. It's a
very easy thing to infect a user's browser and then start to tunnel back
out.

Anyone who isn't paranoid about that doesn't understand the nature of the
threat at all.

--
Will