[Previous] [Next] [Index]
[Thread]
Re: Need help! Regarding internet security.
Habib:
Whose router are you using? We've always gone with Cisco, and there should
be information off the Cisco home page (http://www.cisco.com) regarding packet
filtering and other information related to router-based security.
Most decent routers will allow you to filter on both IP addresses (source and
destination) as well as source and destination ports. The combination can
give you control over which services can be used from the outside world to
different machines.
Be careful. Writing the filtering rules can be complex until you get the
hang of it.
As for the services you mentioned, I'd recommend getting a copy of the new
Garfinkel and Spafford book "Practical UNIX and Internet Security". This goes
into great detail about mitigating hazards related to those services.
Regards,
Scott Behnke
Begin forwarded message:
X-Mailer: Novell GroupWise 4.1
Date: Mon, 15 Jul 1996 14:42:43 +0800
From: MOHAMED HABIB MOHAMED EUSOFF <HABIB@klse.com.my>
To: www-security@ns2.rutgers.edu
Subject: Need help! Regarding internet security.
Sender: owner-www-security@ns2.rutgers.edu
Need help! Regarding internet security.
Anyone has paper/doc/info how much security provided by ROUTER that's
connected to the
net?
Correct me if I'm wrong, below is what I understand.
1. Router sit in Layer 3 (network layer) and does packet filtering only. It
check all packet
forward to it and route to its destination if it knows else it drop the packet.
2. Administrator can only block IP addresses (range of addresses) that he/she
feel should be
allowed.
3. Facility such as FTP, telnet, tftp, rlogin, rsh and other internet
services could not be blocked
thru ROUTER instead it can only be blocked in internet server host.
Finally, I would appreciate if anyone could shed some lights on the below:
Internet FTP facility- how this facility could harm one's server that is
connected to the net. Is that
possible hacker could use this facility to hack in.
How about Telnet, SMTP, rlogin (any other ) facilities ? How these facilities
could open door to
hacker ?
Thanks.
habib
References: