"itoii 3uvu" <itoii3uvu@hotmail.com> wrote in
news:6lnme.2763$rb6.470@lakeread07:
> All good points... but the big question this article raises:
>
> Can a criminal trespass electronically onto or in a remote computer
> protected by a firewall; and without any assistance from a direct or
> indirect physical trespass of the target computer? This article seems to
> imply an affirmative answer to that question.

Actually, that always has been true. A really good firewall blocks access
to prohibited internal ports, a wide range of protocol attacks and some
unsolicited outbound packets. The stuff no one should access from the
outside anyway.

But a firewall doesn't protect against badly written PHP code (PHP-Nuke,
phpBB, etc.) for which constant exploits are being discovered. It doesn't
protect against simple, easily cracked SSH passwords or failure to update
DNS or FTP server software allowing unauthorized access. The only time it
can offer complete protection is if the system is running no services at
all. And it sure doesn't protect against dishonest employees.

The insurance guys offer us a clue as to which is the most costly problem.
Liability - yeah, it isn't cheap but it's worth a bunch of your net income.
But when we tried to tack on some "inexpensive" employee theft insurance we
discovered that it would increase our bill by 30%. The insurers aren't
easily convinced that your employees are as honest as you think they are.
This makes sense when you realize that Bank of America employees recently
made off with several hundred thousand records containing juicy,
exploitable private information. And since the insurers base their rates on
actual experience...
Received on Thu Sep 29 19:53:15 2005