Regarding MSblast and other things of that ilk, they can also get on the network through a home PC/laptop that acquired the infection while at home and spread it to the corp. network once it was connected, either by bringing it to the office or by VPN, basically bypassing the firewall. In a corporate office, the VPN gateway may have another firewall layer to go through and still provide some protection, but branch offices rarely go to that expense.

I would add that some of the Microsoft buffer overflow faults only need port 80 to work. The trojan is passed through a port 80 request and the unprotected/flawed IIS box ends up executing the code. The executed code uses port 80 to talk to the mother ship. As such, an IIS install that is not properly patched is still more 'dangerous' than most other web servers.

-----Original Message-----
From: Adam Lang [mailto:aalang@xxxxxxxxxxxxxxxxxxxx]
Sent: Monday, November 10, 2003 1:59 PM
To: Midrange Systems Technical Discussion
Subject: Re: how we will program in the future

Ok, here is a short tutorial on internet security. The servers that need to be accessed directly by the public are NEVER directly on the public line. You have the public IP line go into a firewall that blocks all incoming traffic. You have your server behind the firewall. Then, depending on the services you are offering, you only open those specific ports on the firewall to that specific server. This way you can specifically compensate for the traffic you expect.

When MSblast brought down everyone a couple months ago, it is because a lot of boneheaded network admins had port 135 either open on their firewall or no firewall at all. There is never a legitimate reason for that traffic to come in from the public. As David said, if you are just offering web pages, only port 80 should be allowed, because there is no reason for something else. That way, if there is something insecure, you eliminate the method to attack it.
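The policy both messages describe, as an added example that is not part of either post: a small model of a default-deny inbound perimeter with a single allow for TCP/80 to the web server, evaluated against constructed packets. The addresses, the interface names and the treatment of LAN/VPN traffic as "internal" are assumptions; the last sample packet models the reply's point that an infected laptop on the VPN never crosses this filter at all.

```python
# Added example (not from the thread): model of the perimeter policy described
# above, run against constructed packets. Addresses and interface names assumed.
from dataclasses import dataclass
from ipaddress import ip_address

WEB_SERVER = ip_address("192.0.2.10")   # assumed public web server behind the firewall
# The only holes in the default-deny inbound policy: (protocol, port, host).
INBOUND_ALLOW = {("tcp", 80, WEB_SERVER)}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    iface: str = "public"   # "public" = Internet side; "internal" = LAN or VPN side

def verdict(pkt: Packet) -> str:
    """Decide what the perimeter firewall does with one new inbound packet.

    ACCEPT     - matches an explicit allow (protocol, port, destination host)
    DROP       - anything else arriving on the public interface
    UNFILTERED - arrived on the LAN/VPN side, so this filter never sees it
    """
    if pkt.iface != "public":
        return "UNFILTERED"
    if (pkt.proto, pkt.dport, ip_address(pkt.dst)) in INBOUND_ALLOW:
        return "ACCEPT"
    return "DROP"

def reachable_services(packets):
    """(dst, port) pairs the given traffic can reach, whether through an
    explicit allow or because the perimeter never filtered it."""
    return {(p.dst, p.dport) for p in packets if verdict(p) != "DROP"}

# Constructed traffic: RPC probes on 135, web requests, and a VPN-connected laptop.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", 135),               # worm-style probe from the Internet
    Packet("198.51.100.7", "192.0.2.10", 80),                # legitimate web request
    Packet("198.51.100.7", "192.0.2.11", 80),                # port 80, but not the web server
    Packet("198.51.100.7", "192.0.2.10", 443),               # not in the allow set
    Packet("10.8.0.5", "10.0.0.20", 135, iface="internal"),  # infected laptop over VPN
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.iface:8} {p.src:>14} -> {p.dst}:{p.dport:<4} {verdict(p)}")
```

Only the web server on port 80 is reachable from the public side; the VPN laptop's port 135 traffic shows up as UNFILTERED, which is the gap the reply says needs a second firewall layer at the VPN gateway.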
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].