[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Private Address Space and network scans

To: Robert.Gerrish@trimsystems.com, firewalls@Lists.GNAC.NET
Subject: RE: Private Address Space and network scans
From: GibsonB@gruntal.com
Date: Mon, 8 May 2000 11:39:00 -0400


    [ Part 1, Text/PLAIN (charset: ISO-8859-1 "Latin 1")  57 lines. ]
    [ Unable to print this part. ]

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Your internal network is only as protected as the device you use to
protect it, in your case an NT firewall.  If someone compromises your
firewall then your network is defensless.  If you have Static NAT then
those hosts set up for Internet access are susceptible.  If you allow
only outbound traffic then any machine that access the Internet directly
is susceptible to spoof attacks.

It really depends on what services your company needs and provides.  If
you do not need to provide any services and only need Web access(HTTP)
then it is fairly simple to reasonably protect your network.   Private
address space, however, does very little to protect your network in
itself.  It is the other components of your network that provide the
security combined with a sound security policy. 

-----Original Message-----
From: Gerrish, Robert [mailto:Robert.Gerrish@trimsystems.com]
Sent: Monday, May 08, 2000 11:23 AM
To: firewalls@Lists.GNAC.NET
Subject: Private Address Space and network scans



Our System Admins in Ohio seem to think that as we are set
up internally on private address space that we are immune to
network scans and have no vulnerabilities.  I think they have
overlooked a few factors.

They are running some type of firewall on NT 4.x.
I would like to pass along comments from the greater
security community.   As I work for them, I couldn't
possibly know anything.

Thanks,

Bob Gerrish
Unix Systems Administrator
Trim Systems, LLC
Seattle, WA
206.762.1410 ext482
Robert.Gerrish@TrimSystems.com

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]



***********************************************************************
Gruntal& Co., L.L.C.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail will be archived for at least three years and may be produced
to regulatory agencies or others with a legal right to access such
information. Gruntal will not accept trade order instructions via
e-mail. Please telephone your Account Executive to place trade orders.

Gruntal& Co., L.L.C.
***********************************************************************

Prev by Date: Re: Private Address Space and network scans
Next by Date: RE: firewalling a windows PDC
Prev by thread: Re: Private Address Space and network scans
Next by thread: RE: Firewall-1 Secure Remote
Index(es):
- Date
- Thread