Tuesday, April 27, 2010

firewall-wizards Digest, Vol 48, Issue 12

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: DNS Names for external services (Dave Piscitello)
2. Re: Firewall best practices (ArkanoiD)


----------------------------------------------------------------------

Message: 1
Date: Tue, 27 Apr 2010 09:49:15 -0400
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] DNS Names for external services
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4BD6EB5B.2020802@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

If you are not up to running a Honeypot, run a "learning opportunity"
server.

Let him sign in.

Put a README file on the server. In the README say

"IT uses this server to store malware and spyware, DO NOT INSTALL
APPLICATIONS OR EXECUTABLE FILES YOU FIND HERE"

Create an executable that pops up a message

"DID YOU NOT READ THE README?
WHY ON EARTH ARE YOU INSTALLING THINGS YOU KNOW NOTHING ABOUT?
/headslap"

You can do this with ww.$yourcompany.com and wwww.$yourcompany.com, too,
and you'll protect yourself from DNS response modification in the process.

Andre Lima wrote:
>
>> What happens when one of your legit users says "I wonder if we have an
>> FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?
>>
>>
> Since it's a honeypot and not a production system, the legit user just
> won't be able to sign in and give up by the very first attempt.
>
> - Lima
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dave.vcf
Type: text/x-vcard
Size: 220 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20100427/a8a456dd/attachment-0001.bin>

------------------------------

Message: 2
Date: Tue, 27 Apr 2010 01:15:36 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Firewall best practices
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Cc: mjr@ranum.com
Message-ID: <20100426211536.GA7743@eltex.net>
Content-Type: text/plain; charset=koi8-r

..and even opensource ones do these days ;-)

On Fri, Apr 23, 2010 at 12:18:46PM -0700, david@lang.hm wrote:
> >
> >If an application emulates HTTPS traffic and is proxy aware, how do you
> >tell
> >the difference?
>
> There are firewalls on the market that can decrypt HTTPS traffic (and I
> believe be configured to block any traffic that they can't decrypt)

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 48, Issue 12
************************************************

No comments:

Post a Comment