IT Employment

General discussion


Learn from past security issues

By debate ·
Tell us what you think about learning from previous security compromises, as featured in the latest Internet Security Focus e-newsletter. How are using this knowledge to potentially thwart future problems? Are you using firewalls and/or virus-scanning software to help protect your systems?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Learn from past security issues

by Cat Scan In reply to Learn from past security ...

What A team that I was on did for a small company was install an MS proxy box; with active virus scanning for all incoming and outgoing mail and other items; on site and then made all the workstations including a few other servers private IP based.Instead of the way it was set up.. Public IP's.. After a long period of time we found that thisseemed to take care of the security issues we had since all Internet traffic was routed through different ports. Some software other than I.E. needed tobe reconfigured but it was well worth it. Nimda and code red only hit the unfortunate web server that was running IIS.

Collapse -

History is a good teacher, but....

by jdii1215 In reply to Learn from past security ...

While I agree that history provides many precedents to NOT repeat, I also think common sense might play a factor. Those who use high-powered transmission in wireless, with a non-directional pipe, are asking for trouble if they do use a standard like802.11b. Then anyone with a sniffer and primitve amplification can indeed eavesdrop on a LAN so equiped.

the following might help, though:


NOT WEP alone, but a required SSL connect for wireless into gateway servers or routers, to get into hardwired clusters. Thus, segment the work, local shortruns are hardwaired, gates are either 802.11 of a nature to not go through walls or SSLd access only.

Like sysadmins control access to CUPS with Password control and the server if linux can be such that SSL is required to hook into the server at all, so segment your networks with workgroup mini-clusters (logical, not as in clustered PCs for processing power, but rather star clusters with gated pipes to wireless and a SSL connect into every gate-- more expensive short term, lots LESS expensive for anyone who has to track customer financial data in the long run, because customers tend to avoid such firms).

A slight mod of EDS's End-point firewalling strategy, which could help also if extended to each machine.

History applied to carefully considered preplanning, yes. Laziness and convenience for employees at the sacrifice of cash flow due to mass migration of customers away from your firm because someone syphoned off your customer data base, no.


Collapse -

Protect your Servers & WorkStations

by sandyw In reply to Learn from past security ...

Take a look at the 3Com EFW (Embedded FireWall) 10/100 Network Interface Card.
Protect your Servers & WorkStations at the network entry point.
The only thing missing is Multiple O/S support, yep you guessedit, Windows only at this stage.
You're right, prevention is the only cure.

Related Discussions

Related Forums