Slashdot Mirror


Multi-Layer Security Platforms

An anonymous reader writes "ITO has published a comprehensive article on the new meaning of unified security management: 'In the not too distant past, the information security needs for most organizations were fairly straightforward. From a technology perspective, core defenses included a handful of perimeter-based firewalls to police traffic originating from the Internet, along with software at desktops, and perhaps email gateways, to counter the emerging threat from viruses.'"

3 of 60 comments

  1. Re:An interesting read by drpimp · Score: 2, Informative

    One well known place to start

    http://www.sans.org/

    --
    -- Brought to you by Carl's JR
  2. Re:Security by slashjunkie · Score: 2, Informative

    > But ICMP? Users don't usually need to ping.

    ICMP entails quite a bit more than just ping. If the PC is unable to receive "network/host/protocol/port unreachable", they'll just sit there stupidly until the connection times out. "TTL expired" and "needs fragment" are also fairly important.

    > I think that if you run the protocols on nonstandard ports and close those on your external firewall, you should be OK. Admins need a remote desktop app to troubleshoot. Nothing is more useless than having a user describe a problem. If they can show you the prob, it can be cleared quickly.

    If you run services on nonstandard ports, you're only going to stop the dumbest of hackers. Anyone with a clue will portscan your box, to see what's open. From there, it's relatively easy to identify the protocol bound to a particular port. Security through obscurity is not really security. As for blocking ports on a firewall, of course, that is standard practice. But often the threat these days is within an organisation. Most LANs have very little network security, once inside the perimeter. Crunchy on the outside, soft and chewy on the inside.

    I agree however, it's useful to be able to take remote control of a user's desktop. Citrix has such a feature built in, called "shadowing a session". Of course, that's in a Citrix environment, not an XP desktop environment.

    > And no one should be getting ZIPs, RARs, EXEs, and the like. The smart ones begin renaming the extension.

    Even open source mail scanning gateways such as Amavisd-new support banned filename extensions. Couple that with ClamAV, and scan all attachments not yet banned, including recursive scanning of compressed archives, and you get quite a bit of security for very little cost. I've seen this solution fare better than commercial ones, which failed because the virus was a ZIP inside a ZIP.

    > Images can link to external servers and be used to verify good IP and e-mail addresses.

    True... which is why most email clients these days do not display images (and thus invoke the HTTP connection to retrieve that invisible 1px image) by default. This kind of thing can also be prevented by having a web proxy that only allows access to whitelisted sites.

    > Still, you have to give users read/write to their group folders.

    Yes you do, there is no way around that. All you can do is give people access to the minimum amount possible. Beyond that, backups are really your only safety net.
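The comment above describes the gateway behaviour that matters for the "ZIP inside a ZIP" case: banned-extension checks have to be applied to every member of every nested archive, not just to the top-level attachment, and the descent needs a depth limit so a deliberately deep or oversized nest cannot exhaust the scanner. The following is an added example, not Amavisd-new's or ClamAV's own code; the banned-extension list, the size and depth limits, and the sample archive and file names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed policy, modelled on a typical mail-gateway banned-extension list.
BANNED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}
# Archive types we descend into (ZIP only, since the standard library handles it).
ARCHIVE_EXTENSIONS = {".zip"}
# Guards against nesting/decompression abuse (constructed values).
MAX_DEPTH = 5
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def banned_members(data: bytes, path: str = "attachment.zip", depth: int = 0) -> list[str]:
    """Return outer/inner/... paths of every member whose extension is banned.

    Nested ZIPs are opened in memory and scanned recursively. A nest deeper than
    MAX_DEPTH, or a nested archive that declares an oversized payload, is itself
    reported instead of being opened, so the scanner fails closed."""
    if depth > MAX_DEPTH:
        return [f"{path} (nesting deeper than {MAX_DEPTH})"]
    findings: list[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member_path = f"{path}/{info.filename}"
            # Only the final suffix counts: "invoice.pdf.exe" is an .exe.
            ext = PurePosixPath(info.filename).suffix.lower()
            if ext in BANNED_EXTENSIONS:
                findings.append(member_path)
            elif ext in ARCHIVE_EXTENSIONS:
                # Declared uncompressed size is checked before anything is inflated.
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"{member_path} (oversized nested archive)")
                    continue
                inner = zf.read(info.filename)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    findings.extend(banned_members(inner, member_path, depth + 1))
    return findings


def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Gateway entry point: check the attachment's own name, then descend if it is a ZIP."""
    ext = PurePosixPath(filename).suffix.lower()
    if ext in BANNED_EXTENSIONS:
        return [filename]
    if ext in ARCHIVE_EXTENSIONS and zipfile.is_zipfile(io.BytesIO(data)):
        return banned_members(data, filename)
    return []


def build_zip(members: dict[str, bytes]) -> bytes:
    """Helper to construct in-memory sample archives for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample: an outer ZIP that carries an .exe inside an inner ZIP,
# the exact shape the comment says a single-level scanner missed.
INNER = build_zip({"invoice.pdf.exe": b"MZ constructed placeholder, not a real binary"})
OUTER = build_zip({"readme.txt": b"hello", "docs.zip": INNER})

if __name__ == "__main__":
    for hit in scan_attachment("docs-bundle.zip", OUTER):
        print("banned:", hit)
```

Running the block prints `banned: docs-bundle.zip/docs.zip/invoice.pdf.exe`. The depth and size limits are what keep a recursive scan safe to run on untrusted mail: without them, a chain of nested archives or a member that inflates to gigabytes turns the scanner itself into the denial-of-service target.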

  3. Puffy! by astra05 · Score: 2, Informative

    My security solution that handles 95% of what I need is OpenBSD (plus a couple of ports). The documentation is awesome as is the community, and it is built to be proactively secure. Give it a try: http://www.openbsd.org/

    --
    Live Free