-
Help on configuration
I have to check the internal security of my system... I rebuilt all the firewall rules to use IP vs MAC addresses... configured the proxy to be transparent... and cancelled all the prerouting tables in the gateway... Is there any other way someone from inside can use IP tunneling... or another technique to gain access to the inner network?
I need that no one can use proxies different from mine... and all the traffic will be checked through the firewall...
Is this enough?
-
What if someone puts a trojan on a website that you access and it's downloaded to your system via techniques used by spyware?
Do you trust all your friends that visit your place and use your computer?
Are you sure that email you receive, in HTML format, isn't doing something it shouldn't?
The above are all questions that can bypass the firewall because they are allowed via other methods (i.e., browser going out and receiving traffic, allowing email with HTML and other web enhancements, being too trusting of friends).
Just putting up a firewall is not enough. Today's security MUST be layered and have multiple components to it such as (but not limited to) antivirus, spyware detection, IDS (Intrusion detection) and host hardening.
-
About the downloading process, it's totally secure... because you can even download zip files... all the inner traffic is masked with the address of the gateway... even if you check the IP of an inner machine with www.wathsmyip.com it shows nothing but garbage... so if you try to connect to an intranet address you have to pass through the gateway... and the gateway is behind a firewall... and between the gateway and the intranet there is also another one...
-
But what checks the zip file to ensure that the file itself is secure and trustworthy?
-
Hehe, sorry, I meant that you can't download even a zip file... all pages are filtered using Norton on an NT server before the people in the intranet can see them.
-
Ah... this is a work setup, correct? You are aware that 70% of all attacks against companies are from the Internet. The question is what are you doing to defend against the other 30% (which are from internal sources like employees and such)?
-
That's right... to be more specific, this is my config...
I use a DHCP server...
In iptables I have access permissions using IP vs MAC... this is to avoid impersonation.
The iptables rules are on the firewall, which acts as the gateway...
The proxy (Squid) is configured to deny any download.
MSN passes through the proxy, and all the traffic for it (and other messengers) is monitored and recorded... only the file transfers...
The files transferred through these services are checked with antivirus software... and if I want I can manually cancel any transmission...
The firewalls are totally packed... they only have SSH open...
What am I missing?
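The IP-plus-MAC rules described above, written out as an added example (this is not the poster's actual ruleset): a small generator that reads a table of known ip/mac pairs and emits iptables commands for the FORWARD chain, so a LAN host only gets through the gateway when both the source IP and the source MAC match, and anything else from the LAN is logged and then dropped. The interface name eth1, the chain name LAN_PAIRS and the host table are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate iptables FORWARD rules that pin each LAN IP to a MAC.
# Assumptions (not from the thread): inside interface eth1, a user chain named
# LAN_PAIRS, and a host table of "ip mac" lines (comments start with #).
LAN_IF="${LAN_IF:-eth1}"

# Reads "ip mac" pairs on stdin, writes iptables commands on stdout.
# Nothing is applied here; the output is meant to be reviewed and then run as root.
gen_pair_rules() {
  echo "iptables -N LAN_PAIRS"
  echo "iptables -A FORWARD -i $LAN_IF -j LAN_PAIRS"
  awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
      ip = $1; mac = toupper($2)
      h = "[0-9A-F][0-9A-F]"               # one hex byte
      re = "^" h ":" h ":" h ":" h ":" h ":" h "$"
      if (mac !~ re) {                      # bad table entry: report, emit no rule
        print "echo \"bad MAC for " ip ": " $2 "\" >&2"
        next
      }
      # Known pair: let the packet continue through FORWARD.
      print "iptables -A LAN_PAIRS -s " ip " -m mac --mac-source " mac " -j RETURN"
    }'
  # Anything from the LAN that did not match a known pair: log (rate limited) and drop.
  echo "iptables -A LAN_PAIRS -m limit --limit 5/min -j LOG --log-prefix \"LAN ip/mac mismatch: \""
  echo "iptables -A LAN_PAIRS -j DROP"
}

# Constructed host table for the example; the third entry is deliberately malformed.
HOSTS='# ip            mac
192.168.1.10    00:11:22:33:44:55
192.168.1.11    aa:bb:cc:dd:ee:ff
192.168.1.12    not-a-mac'

printf '%s\n' "$HOSTS" | gen_pair_rules
```

The LOG rule is the part worth keeping an eye on: a burst of "LAN ip/mac mismatch" entries is how you notice a host using an address that is not its own. As the thread goes on to say, a MAC match is not authentication; it raises the bar against a casual lease grab, no more.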
-
Well, depending on your company's policies: filtering based on certain word types (e.g., to detect child porn surfing etc.), ensuring that HTML is disabled on users' email clients, local security for each machine, and an IDS to detect attacks. Also, keep in mind that just because SSH is open doesn't mean that they can't use SSH tunnelling to bypass your AV and other filters.
-
Thanks... and one more thing... the trusted client for the firewall is my IP vs my address... I have permission for all pages... and to download everything... Is there any way that anyone could impersonate me? (They CAN'T have access to my laptop... hehe, they'll have to kill me first.)
I have experimented with changing MAC addresses, but only through hardware... is there any way they can do it through software?
-
A hijacking tool like Ettercap would be effective. Might want to investigate into things like Man-in-the-middle attacks and/or hijacking.
-
That's a good point... and then... with the current config (I filter the ports that the firewall tries to reach on remote machines... so they can't connect to FTP or telnet... or anything different from 80...) could anyone do tunneling? (Apart from the one you already told me...)
-
The only way to access things like ftp, telnet, etc. would be through a tunnel. Otherwise, it's possible that you've got it locked down. That said, however, do NOT assume it's 100% secure. There are always ways around things. Nothing prevents them from downloading through port 80. You are blocking based on port, not application.
-
That's true... I should also be monitoring applications in the network that access the outside world... haha, hadn't thought of that...
Hehe, don't know if this is a dumb question... can you somehow configure a server, say FTP... to use an interpreter so it could get HTTP-like requests?
The point is whether there is any way that anyone could be connecting to an outside personal server... but looking like it was just an HTTP request to a web page?
-
Only if it's running a web server on it or some other application. Someone could use telnet or netcat to create similar access to a web server. But again, it's if the ftp server is running a webserver.
-
That's all for today... thanks a lot... I'll check all you told me... and then I'll come back with more questions...
-
faith_in_death, you might want to read this article on HTTP Tunnelling. It might add a little more for you to be concerned about.
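The "looks like HTTP but is really a tunnel" concern raised in the last few posts, as an added example that is not from anyone in this thread: a small detector over Squid native access.log lines that flags the two things HTTP tunnelling tends to leave in the proxy log, namely CONNECT requests to ports other than 443 and requests that stay open far longer than a page fetch. The log lines are constructed, the field layout assumed is Squid's native format (time, elapsed ms, client, code/status, bytes, method, URL, ident, hierarchy, type), and the 10-minute threshold and the label names are choices made here.

```shell
#!/bin/sh
# Added example: flag Squid access.log entries that look like tunnels rather than page fetches.
# Assumed input layout (Squid native format, one request per line):
#   time elapsed_ms client code/status bytes method url ident hierarchy type
# Output: one line per suspicious entry, "<reason> <client> <url>".
# MAX_ELAPSED_MS (default 600000 = 10 minutes) is a threshold chosen for this example.
flag_tunnels() {
  awk -v max_ms="${MAX_ELAPSED_MS:-600000}" '
  {
    elapsed = $2; client = $3; method = $6; url = $7
    if (method == "CONNECT") {
      # CONNECT host:port -- anything but 443 is an HTTP-wrapped raw TCP session.
      n = split(url, parts, ":")
      if (parts[n] + 0 != 443) {
        print "CONNECT-nonstandard-port " client " " url
        next
      }
    }
    # A single request that stays open for minutes is not a page load.
    if (elapsed + 0 > max_ms + 0) {
      print "long-lived-request " client " " url
    }
  }'
}

# Constructed sample log: a normal GET, a CONNECT to 443, a CONNECT to port 22,
# and a POST that was held open for twelve minutes (a typical relay pattern).
SAMPLE_LOG='1062000000.123    312 192.168.1.10 TCP_MISS/200 5123 GET http://www.example.com/index.html - DIRECT/203.0.113.5 text/html
1062000001.456  45000 192.168.1.11 TCP_MISS/200 40960 CONNECT mail.example.com:443 - DIRECT/203.0.113.6 -
1062000002.789 900000 192.168.1.12 TCP_MISS/200 8388608 CONNECT tunnel.example.org:22 - DIRECT/203.0.113.7 -
1062000003.012 720000 192.168.1.13 TCP_MISS/200 52428800 POST http://relay.example.net/cgi-bin/tunnel - DIRECT/203.0.113.8 application/octet-stream'

printf '%s\n' "$SAMPLE_LOG" | flag_tunnels
```

Run it against a real log with `flag_tunnels < /var/log/squid/access.log`. This is a heuristic, not a filter: a tunnel that polls with many short GETs will not trip either rule, so pair it with per-client byte counts over time, and remember that the proxy log only shows what actually went through the proxy.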