
security question

Postby NT50 » Wed May 31, 2006 3:28 pm

augie wrote:
NT50 wrote: Anyway... Some should use the software firewall. Me, I push my power button :)


I hope you never get your first breach. It's better than nothing on a broadband connection. :yesnod:


You are correct Augie.... I hope I never do. The only system that runs full time in my house is my Server 2003 Enterprise. I do have AD set up on it and I use it for file backup. I do not use it for DHCP or anything else. I have considered putting a firewall on it but it seems to be fairly secure on its own.

I have 3 notebook PCs that are on only when in use. I have a PPC iBook Mac and a MacBook that are on only during use. The desktop PC (gaming / experimental) is on during use only also. The majority of my PCs are only on when in use. That is the reason I do not have a software firewall "yet".
Dogs Have Owners; Cats Have Staff
PROfessional Member
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle

Postby Mike G » Sat Jul 08, 2006 9:04 pm

Get rid of Norton, turn the firewall on on your router and install PeerGuardian. BTW, what's wrong with having a DMZ? :unsure:
PRO Level 2
Posts: 15
Joined: Mon Jun 12, 2006 8:43 pm
Location: England

Postby kd1966 » Sat Jul 08, 2006 9:06 pm

The only thing "wrong" with a DMZ is that it is a "DMZ", meaning that it is totally opened/available to the Internet. Once you put a system in the "DMZ", you make your admin job that much harder to protect it....... that's all
PRO PLATINUM
Posts: 6831
Joined: Tue Aug 09, 2005 2:00 am
Location: USA - GSO - NC

Postby Mike G » Sat Jul 08, 2006 9:40 pm

Thanks for that, thought as much, however we need DMZs for webmail/Nfuse etc, as long as their access into the internal network is secured things are generally OK :roleeyes


__________________
Never let your sense of morals prevent you from doing what is right
PRO Level 2
Posts: 15
Joined: Mon Jun 12, 2006 8:43 pm
Location: England

Postby NT50 » Sat Jul 08, 2006 9:54 pm

Mike G wrote:Thanks for that, thought as much, however we need DMZs for webmail/Nfuse etc, as long as their access into the internal network is secured things are generally OK :roleeyes


DMZ... Webmail??????/Nfuse?????? I do not understand what you are trying to accomplish. Are you running email service inside?

I can access my webmail (Internet) with DMZ turned off.

I am confused on why you need DMZ turned on. This opens the doors to hackers.....
PROfessional Member
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle

Postby SCgone » Sat Jul 08, 2006 10:09 pm

There's nothing wrong with a DMZ if it's set up right. Say you're running a public FTP, and the server is installed in the general users networks, then if a malicious hacker cracks the FTP server, thanks to NIS/NFS services and trusted systems on Unix hosts, or generic Windows NT/2000 security, the hacker can have access to pretty much the whole network. If the FTP server is on a completely different, unrelated network then once the malicious hacker hacks the network, the absolute best they can do is get access to the hosts in the DMZ. At worst, they could trash the FTP, but that's it.
All a DMZ is doing is moving any network services that need to go to the outside to a separate network. All that said, I would be very careful when I set up a DMZ, and then only use it if I HAVE to open part of my network up for an email or FTP server.
For that matter, if you want to make a router even more secure, forward your DMZ to a non-existent IP address.
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA
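
The containment argument in SCgone's post above, as an added example that is not part of the thread: a small Python model that compares which hosts a compromised FTP server can reach on file-sharing ports when it sits on the user LAN versus on a separate DMZ network. The addresses, host names, rule set and port list are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (RFC 1918 ranges, not taken from the thread).
LAN = ip_network("192.168.1.0/24")
DMZ = ip_network("192.168.50.0/24")

# Constructed inventories: the same FTP server placed on the LAN or in the DMZ.
FLAT_HOSTS = {"ftp": "192.168.1.10", "fileserver": "192.168.1.20",
              "desktop": "192.168.1.30"}
DMZ_HOSTS = {"ftp": "192.168.50.10", "webmail": "192.168.50.11",
             "fileserver": "192.168.1.20", "desktop": "192.168.1.30"}

# Inter-zone firewall policy: (action, source, destination, port).
# First match wins, default deny. port None means any port.
RULES = [
    ("allow", "any", DMZ, 21),   # anyone may reach the FTP control port
    ("deny", DMZ, LAN, None),    # the DMZ never initiates into the LAN
    ("allow", LAN, "any", None), # LAN users may go out (and into the DMZ)
]

LATERAL_PORTS = (445, 2049)      # SMB and NFS, the services named in the post

def _match(addr, spec):
    return spec == "any" or ip_address(addr) in spec

def zone_of(addr):
    """Return the internal network an address belongs to, or None."""
    return next((n for n in (LAN, DMZ) if ip_address(addr) in n), None)

def permitted(src, dst, port, rules=RULES):
    """Can src open a connection to dst:port?"""
    zone = zone_of(src)
    if zone is not None and zone == zone_of(dst):
        return True              # same subnet: traffic never crosses the firewall
    for action, s, d, p in rules:
        if _match(src, s) and _match(dst, d) and p in (None, port):
            return action == "allow"
    return False                 # default deny

def blast_radius(hosts, compromised, rules=RULES):
    """Hosts the compromised machine can reach on any lateral-movement port."""
    src = hosts[compromised]
    return sorted(name for name, addr in hosts.items()
                  if name != compromised
                  and any(permitted(src, addr, port, rules)
                          for port in LATERAL_PORTS))

if __name__ == "__main__":
    print("flat LAN:", blast_radius(FLAT_HOSTS, "ftp"))
    print("with DMZ:", blast_radius(DMZ_HOSTS, "ftp"))
```

The same-subnet shortcut in `permitted` is the point of the comparison: a router firewall only sees traffic that crosses it, so hosts sharing a network with the exposed server get no protection from it.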

Postby Mike G » Sun Jul 09, 2006 1:05 pm

NT50, need a DMZ to provide the initial access for people who don't connect via a VPN therefore they have to see something from a standard web connection. I was trying to say that in some cases a DMZ is needed and as long as the dangers are known then the threat of attack can be mitigated.

PRO Level 2
Posts: 15
Joined: Mon Jun 12, 2006 8:43 pm
Location: England

Postby weazzle » Mon Jul 10, 2006 6:15 am

Don't use DMZ, just open the ports you need on your router.
PRO Level 12
Posts: 511
Joined: Thu Aug 26, 2004 4:55 pm
Location: Albuquerque, NM {USA}

Postby Synaptic » Mon Jul 10, 2006 7:45 am

NT50, Seriously advise against putting Firewall on Server 2003. In my personal experience, it's just as bad as getting a virus on the Machine. Most of the AD services will stop working.

The other thing is Symantec Client Security, which has a Firewall and Symantec Antivirus Corporate 10. It's the package that I was using when the Idiot managing the Group Policy refused to reallow Windows Firewall, under the guise that 'we're protected from hacks here...' Obviously didn't consider home.
"Know this, you can cut me off from the civilized world, you can incarcerate me with two moronic cell mates, you can torture me with your thrice daily swill, but you can not break the spirit of a Winchester. My voice shall be heard from this wilderness and I shall be delivered from this fetid and festering sewer." - Charles Emerson Winchester, III, M*A*S*H
PRO Level 11
Posts: 455
Joined: Sat Apr 24, 2004 8:36 am
Location: Sydney, Australia
