|
Hi James,
A single proxie system in front line will give you
an average security. This avoid people to have a direct contact with your
critical computer. Sure everything is not so simple, depending on how critical
is your network, you may look forward for a good firewall/proxy that will fit
your need.
On my end, I am simply a using a computer as
proxie, so nothing is really saw from outside. If you dont attract attention,
hacker wont take care of you. I have no point for them to waste their time on
something that does not give them a bit of prestige. More often you will be
targeted by a student or person with low skill.
What ever you do, If you become the main target of
a true hacker, he will break in your system soon or later, You cannot have
a 100% securoty seal, but you can surely bring this high enought to be able to
sleep at night.
I dont know a lot about NT, you may want
a security firm looking to your instalation, but
all backup and security plan begin by the evalutation of the cost, what
you need and what you can affort to lose.
Stephen Gilbert
----- Original Message -----
Sent: Wednesday, June 06, 2001 4:29
AM
Subject: AW: [cobalt-security] Might be
off topic. Are computers with 168.192.x.x safe from Internet?
If
you are using NT.. then you're not safe.
With only port 80 opened up, only a well
configured content scanning FW can stop the elite. On www.summercon.org there was an interesting
speach this saturday about these kind of hacks.
But
then this all depends what you are hiding in the back-lan. The more
interesting this looks from the outside, the more the
challenge:)
--
MVG,
Rob van Eijk
Hi,
Sorry if this is somewhat of an off-topic for
this list. But I just couldn't think of any place else to get a
quality answer as this list.
I have been keeping my office's internal LAN
and web servers completely disconnected in order to be absolutely sure that
internal LAN segments are safe from hacking or cracking attempts. (The
network cables physically do not connect between these two segments.)
This worked great from security perspective.
Due to obvious drawbacks with this set up, I am
now attempting to patch a line between the router to the multi-port switch
serving the NT 4 based internal LAN. Of course all internal machines
will only be assigned the private network IPs starting with 168.192. I
am hoping that the machines with private network IPs will be completely
inaccessible from outside. My big question is: Is this that
simple? Or am I missing something? Can someone access a
Internet-connected machine such as web or ftp server THEN somehow reach into
internal machines using some type of Windows share?
Any comments would be greatly
appreciated. Thanks all in advance.
James
Kim
|