Security World

Send firewall-wizards mailing list submissions to
	firewall-wizards@listserv.icsalabs.comTo subscribe or unsubscribe via the World Wide Web, visit
	https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
	firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
	firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:
   1. FYI: DDOS services for sale... (Darren Reed)
   2. Re: 2nd Life (Scott Pinzon)
   3. Re: 2nd Life (Steven Osman)
   4. Re: 2nd Life (Tim Shea)
   5. Re: 2nd Life (Matej)

----------------------------------------------------------------------
Message: 1
Date: Fri, 09 Nov 2007 11:26:43 -0800
From: Darren Reed <darrenr@reed.wattle.id.au>
Subject: [fw-wiz] FYI: DDOS services for sale...
To: Firewall Wizards Security Mailing List
	<firewall-wizards@listserv.cybertrust.com>
Message-ID: <4734B473.6060605@reed.wattle.id.au>
Content-Type: text/plain; charset=ISO-8859-1
I can't comment on how common this kind of advertising is,
only that this is the first time I've seen it...
Darren
"DDOS servise
Elimination of sites of your competitors quickly and qualitatively!!!
icq 4XXXXXXXX"

------------------------------
Message: 2
Date: Fri, 9 Nov 2007 10:17:55 -0800
From: "Scott Pinzon" <Scott.Pinzon@watchguard.com>
Subject: Re: [fw-wiz] 2nd Life
To: "Firewall Wizards Security Mailing List"
	<firewall-wizards@listserv.icsalabs.com>,
	<firewall-wizards@listserv.cybertrust.com>
Message-ID: <3D915BF7F7E8F744AA4F6E2A9BC4865703037031@VS02SE.wgti.net>
Content-Type: text/plain; charset="us-ascii"
I don't know if there is any room left to question management's decision
to enter Second Life, but I found Wired's recent article eye-opening.
Coca-Cola spent a lot to build a sizable "Virtual Thirst Pavilion" in
Second Life.... and according to Wired, had 27 individual visitors in 3
months. For more in a similar vein, check out "How Madison Avenue is
Wasting MIllions on a Deserted Second Life."
http://www.wired.com/techbiz/media/magazine/15-08/ff_sheep?currentPage=a
ll

Apologies for not answering the technical question, but I'm with those
who are asking "Why does an insurance company need Second Life?" If it
can be used to cut travel costs by virtual conferencing, okay. But if
they think they're getting massive exposure to potential customers,
maybe the place should be called Second Thought.
D. Scott Pinzon, CISSP, NSA-IAM 
Editor-in-Chief, LiveSecurity Service 
WatchGuard Technologies, Inc. 

________________________________
	From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of
Bonny_Allen@doh.state.fl.us
	Sent: Friday, November 09, 2007 8:06 AM
	To: firewall-wizards@listserv.cybertrust.com
	Subject: Re: [fw-wiz] 2nd Life

	I second that Timothy. Its obvious the poster "knobody" is
unaware of the current trend, right or wrong, to perceive SL as a likely
business tool - IMHO a parallel to all the politicians using MySpace and
Facebook to attempt to reach voters. I am aware of industries that are
using it to recruit and businesses that use it to conduct job
interviews.

	It is always good to Google if one finds oneself lacking
knowledge about, say "possible business uses of Second Life" before
publicly making off the cuff negative (a kinda nasty to boot) remarks
about another person's place of business. Examples I found:

http://www.digitalfutureblog.org.nz/digital-strategy-v2/using-second-lif
e-as-a-business-tool/

http://blog.worldvillage.com/games/a_second_life_quick_start_powerful_bu
siness_tools_for_the_sl_newcomer.html

	Best, 

	 - Bonny

________________________________
	From: firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
Timothy Shea
	Sent: Friday, November 09, 2007 9:44 AM
	To: Firewall Wizards Security Mailing List
	Subject: Re: [fw-wiz] 2nd Life

	Your comments are troubling.  What possible reason do you have
to put down another organization or a person based on something you
don't like?  The guy is trying to do a job and your comments are
helpful.
	I have worked for companies that have valid business reasons for
all sorts of stupid and lame things.  In the case of Second Life - one
of the organizations I helped out in the last year had a marketing
presence on Second Life.  I have helped out or worked for organizations
that an approved segment of the user base actively cruised porn sites.
Why?  Because they many of their best customers operated such sites
(always paid on time and usually in cash).
	So please spare us your moral outrage.
	t.s

	On Nov 8, 2007, at 9:47 AM, Brian Loe wrote:

		On Nov 6, 2007 3:49 PM, DRISCOLL, ROBERT
<ROBDRI@safeco.com> wrote:

			Hello, 
			I wanted to get some feedback on a request to
allow Second Life through our network.  I was hoping that perhaps
someone has experience with this application and can let me know what
steps they took to mitigate the risks. 

		I'm sorry I can't offer any technical advice on this
subject but I am dying to know what the possible business purpose for
such access is?! If your posting e-mail address is an indication of the
company you're doing this for... well, I'll keep that in mind when it
comes to my next insurance purchase (I like the teensurance idea)! 

		I'd feel bad if you got in trouble using your company
e-mail address when posting here, and especially posting such comments.
However, if you do get in trouble I think you'll have grounds for a
lawsuit - after all, they would be recognizing the problem of you
letting it be known that they have games running on their network which
means they'd be recognizing how bad of an idea such access is. Unless,
of course, there's some very interesting business need for it. 
		_______________________________________________
		firewall-wizards mailing list
		firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20071109/7d51c31d/attachment-0001.html

------------------------------
Message: 3
Date: Fri, 9 Nov 2007 03:48:15 -0800 (PST)
From: Steven Osman <sosman@terratron.com>
Subject: Re: [fw-wiz] 2nd Life
To: Firewall Wizards Security Mailing List
	<firewall-wizards@listserv.cybertrust.com>
Message-ID: <Pine.LNX.4.64.0711090344530.3625@window.terrahome.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Well, that's all true, and not to offend anyone on the list or anything, 
but there's a reason that folks who are hired to do PR and marketting are 
not the same folks who are hired to secure networks.
We're "reasonably" good at what we do, let's trust that other folks are 
"reasonably" good at what they do, whether we understand it entirely or 
not.
It's always easier to just say no to everything, but then nothing gets 
done.
Sauce
On Fri, 9 Nov 2007, Keith A. Glass wrote:
>> -----Original Message-----
>> From: Brian Loe [mailto:knobdy@gmail.com]
>> Sent: Thursday, November 8, 2007 03:47 PM
>> To: 'Firewall Wizards Security Mailing List'
>> Subject: Re: [fw-wiz] 2nd Life
>
>> I'm sorry I can't offer any technical advice on this subject but I am dying
>> to know what the possible business purpose for such access is?! If your
>> posting e-mail address is an indication of the company you're doing this
>> for... well, I'll keep that in mind when it comes to my next insurance
>> purchase (I like the teensurance idea)!
>
> It's currently trendy for companies to establish a presence in Second Life for their company. That requires access to the game, etc.  I think it's a waste of time and effort, but for some reason, the press is in love with Second Life.  And so, to generate good press, some outfits establish a presence there.
>
> Think of it as WOW for Accountants  (evil grin)
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>

------------------------------
Message: 4
Date: Fri, 9 Nov 2007 12:29:35 -0600 (CST)
From: "Tim Shea" <tim@tshea.net>
Subject: Re: [fw-wiz] 2nd Life
To: "Firewall Wizards Security Mailing List"
	<firewall-wizards@listserv.icsalabs.com>
Message-ID:
	<9111.199.250.8.220.1194632975.squirrel@blow.dandelionpatch.net>
Content-Type: text/plain;charset=iso-8859-1

At the risk of extending this OT conversation past its useful life I'll
respond. I reread your e-mail and mine.  Besides the fact that I didn't
spell some words right or put them in their proper order I stand by it.
You may roll your eyes at 2nd life, you may think 2nd life is a den of
evil-doers that kick puppies, or you may think its an over hyped social
community with an unsustainable business model that will eventually
collapse under its own weight (that's my present thinking) - but you
cannot deny companies have a legitimate business interest in exploring
ways to sell themselves within online social communities (no matter how
lame).  And these types of requests are to be expected.  Its our job to
figure out ways to deliver without giving up the store.
So this gentlemen asked a legitimate question.  Paul's answer, as always,
was a good one.  What did you do?  You insulted him and his company based
on little or no information in a public forum.  This industry is screwed
up enough without insulting colleagues who are trying to do the right
thing.
That's the last I'll say about this.
> On Nov 9, 2007 8:44 AM, Timothy Shea <tim@tshea.net> wrote:
>
>>
>> So please spare us your moral outrage.
>>
>> t.s
>>
>
> Moral outrage?
>
> I'm not sure what you read, or where, but it certainly wasn't the e-mail
> you
> quoted.
>
> He works for an insurance company. My insurance company has more info on
> me
> than my wife. I don't want that information given up to some script
> kiddie!
>
> I won't comment on your former employers - I keep my moral interests and
> concerns to myself...
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------
Message: 5
Date: Fri, 9 Nov 2007 20:19:56 +0100
From: Matej <weselkorula@gmail.com>
Subject: Re: [fw-wiz] 2nd Life
To: "Firewall Wizards Security Mailing List"
	<firewall-wizards@listserv.icsalabs.com>
Message-ID:
	<6e4638190711091119s60b93380ifa5f5ccb8a670760@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Just some thoughts:
-a bastian host is a good idea, but I would suggest a Linux server for the
setup, that might reduce your hardware costs
-the best way to open those ports, would be to restrict them by source and
destination addresses (in the example we narow down the scope)
My idea:
You could use a virtualization product. I had some positive experiance.
Posible setup:
I'm going to asume that your company uses M$ for the choise desktop. One
might consider seting up Vmware server (whitch is free) and a minimized  OS
instaled within(linux again). Runing on another subnet. Instaled on each
client that has the need. The physical layer is the same, but there are
benefits. Each of those clients could be a bastian host. Creating a bastian
subnet. That way the users have full functionlity.
But there is a mayor consideration. A bug in vmware could expose the other
subnet.

What are your thoughts?
On Nov 9, 2007 5:36 PM, Brian Loe <knobdy@gmail.com> wrote:
>
>
> On Nov 9, 2007 8:44 AM, Timothy Shea <tim@tshea.net> wrote:
>
> >
> > So please spare us your moral outrage.
> >
> > t.s
> >
>
> Moral outrage?
>
> I'm not sure what you read, or where, but it certainly wasn't the e-mail
> you quoted.
>
> He works for an insurance company. My insurance company has more info on
> me than my wife. I don't want that information given up to some script
> kiddie!
>
> I won't comment on your former employers - I keep my moral interests and
> concerns to myself...
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20071109/95cf319c/attachment.html

------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

End of firewall-wizards Digest, Vol 19, Issue 5
***********************************************

Security World

Friday, November 09, 2007

firewall-wizards Digest, Vol 19, Issue 5

No comments:

Post a Comment