On 3 August 2011 08:31, Johannes Meixner <jsmeix@suse.de> wrote:
On Aug 2 18:13 Rob Davies wrote (excerpt):
One incident that comes from personal experience, was in a "trusted" company network. Basically I got port scanned from the Internet Gateway host
If you have the ports open in the firewall for the services which you use in your internal network, the firewall would not help you against a port scan or against any kind of attack regarding the services which you use in your internal network.
If you use services in your internal network, you cannot protect them with firewalls inside your internal network.
You can only protect your whole trusted network with a firewall at the borderline of your trusted network.
If the protection at the borderline fails you are basically doomed.
Actually I arranged to explicitly enable host IP addresses requiring access, detecting "unauthorised" accesses. Furthermore I took advantage of the subnetting. Resigning oneself to "being doomed" is not a practical option; it certainly won't enhance your reputation with the managers who allocate the department budgets.

You can for instance arrange for a peer's DNS or NTP server UDP packets to pass, but generally block UDP on that interface as illegitimate. There is a general problem with the idea of "trusted": it is far too black & white when reality hits.

BTW, someone mentioned ssh. sshd can listen on alternative ports to 22; that seems actually a wise step from the ssh port probing I've seen.

Rob

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org
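As an added example, not code from this thread and not the configuration either poster actually used, here is the policy Rob sketches expressed as a small POSIX shell generator for an nftables ruleset: only explicitly enabled hosts may open connections to sshd on a non-default port, UDP from the designated DNS and NTP peers passes while all other UDP on the interface is logged and dropped, and every other new inbound attempt is logged (rate-limited) and dropped so "unauthorised" accesses show up in the log. The interface name, the RFC 5737 TEST-NET addresses and the ssh port 2222 are assumptions for illustration; nftables is used here as a convenient modern ruleset syntax, not because the thread names it.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an nftables ruleset implementing
# the policy described above on one internal interface:
#   - only explicitly listed hosts may open new connections to sshd, which
#     listens on a non-default port
#   - UDP from the designated DNS and NTP peers is allowed; all other UDP on
#     the interface is logged and dropped as illegitimate
#   - every other new inbound connection attempt is logged (rate-limited)
#     and dropped, which is the "detecting unauthorised accesses" part
# Hypothetical values: interface, RFC 5737 TEST-NET addresses and ssh port
# are assumptions for the example, not anything stated in the thread.

gen_ruleset() {
    iface=$1        # internal interface, e.g. eth1
    admins=$2       # comma-separated hosts allowed to reach sshd
    dns_peer=$3     # DNS server whose UDP packets may pass
    ntp_peer=$4     # NTP server whose UDP packets may pass
    ssh_port=$5     # alternative sshd port (matches "Port N" in sshd_config)
    cat <<EOF
flush ruleset
table inet filter {
    set admin_hosts {
        type ipv4_addr
        elements = { $admins }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # explicitly enabled hosts only, to sshd on its alternative port
        iifname "$iface" ip saddr @admin_hosts tcp dport $ssh_port ct state new accept
        # the peers' DNS/NTP server packets pass; all other UDP is illegitimate
        iifname "$iface" ip saddr $dns_peer udp sport 53 accept
        iifname "$iface" ip saddr $ntp_peer udp sport 123 accept
        iifname "$iface" meta l4proto udp log prefix "UNAUTH-UDP " drop
        # log (rate-limited) and drop any other new connection attempt
        iifname "$iface" ct state new limit rate 10/minute log prefix "UNAUTH-ACCESS "
        iifname "$iface" ct state new counter drop
    }
}
EOF
}

# Number of accept rules in the generated ruleset: a quick way to see how
# short the allow-list is before applying it.
count_accepts() {
    gen_ruleset "$@" | grep -c ' accept$'
}

# Usage: print the ruleset for review; apply as root with `... | nft -f -`.
gen_ruleset eth1 "192.0.2.10, 192.0.2.11" 192.0.2.53 192.0.2.123 2222
```

The generator only prints; applying the output is a separate, deliberate step so the ruleset can be reviewed first. The established/related rule already lets DNS and NTP replies to this host's own queries back in via conntrack; the explicit per-peer rules are what let the peers' UDP through even when no state exists, while the following rule makes every other UDP packet on that interface visible in the log before it is dropped. The alternative sshd port has to be set in sshd_config as well; the firewall rule only admits the listed hosts to it.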