Re: newbie intro
adamsb@un.org
Tue, 21 Feb 95 17:48:20 EST
Hi, Pamela
> We have been reading the firewalls mailing
> list for a while. I have been becomming unhappy with that list
> as it just has to do with firewalls, and they are one paranoid but
> not very productive group.
Beg to differ. They clearly pointed out the problems inherent in
running Firewall 1. They also gave the correct packet filter for
blocking IP spoofing attacks after CIAC and CERT issued the advisory.
When the UN asked Cisco about blocking IP spoofing, Cisco told us that
they didn't know what we were talking about. They do however have a
lot of discussion which is of no concern to most system
administrators.
> Currently, I am trying to sell suid and iss.
> ( Where is the latest ISS anyway? )
Suggest you take a look at Pingware from Bellcore. When I included
some "secure" machines at undp.org in my weekly check for security
holes, undp.org called CERT to say they had been hacked. Pingware is
much more aggressive than ISS in expoiting security holes.
> I am also trying to get cops running on ever system.
The RAXCO Security Toolkit is the commercial equivalent of COPS.
However, its menu interface and reporting facilities make it much
easier to use across multiple systems then COPS.
We use everything we can get our hands on, rather than sticking with a
small group of products.
Finally, if you do not see any threat from your Internet connection,
perhaps you don't have adequate software to let you watch it closely
enough.
Hog Farmer
Tropical Hog Improvement Programme