Re: [FW1] Code Red: What security specialist don't mention in warnings
Frank,

> Web servers should only respond to incoming web requests. Web servers do not need to
> establish connections to the Internet. So if a web server is behind a
> stateful firewall, and the firewall rules allow incoming web requests
> to the web server, but deny outgoing connections from the web server to the
> Internet, then the Code Red worm can be contained.

This is absolutely right on. Furthermore, assuming that the web server is in a DMZ, the firewall rules should also block http access originating from the web server to any internal machine; that will block the worm from infecting any internal web servers.

I would recommend that a web server:

(*) should be in a DMZ, off a separate interface on the firewall,
(*) should not be allowed to initiate ANY traffic to ANYWHERE (except maybe ping for troubleshooting)

This should not affect its ability to serve pages, will help contain the Code Red worm, and will help protect your net. And this stance holds even if you are using a non-Microsoft web server: you may be vulnerable to the next worm or hack that shows up.

Avishai

=====
Avishai Wool, Ph.D., Chief Scientist & Co-Founder, Lumeta Corp.
220 Davidson Ave, 4th Floor, Somerset, NJ 08873, USA
Email: [email protected]
Web: http://research.lumeta.com/yash/
** Want to audit or debug your firewall's policy? **
Lumeta Firewall Analyzer: http://www.lumeta.com/firewall.html
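The policy described in the thread, modelled as an added example (not code from the original post, Lumeta, or any firewall product): a minimal stateful filter that accepts inbound HTTP to the DMZ web server, lets replies through by connection state, and refuses any connection the web server itself initiates, to the Internet or to the internal net, except ping. The address ranges and the web server address are assumptions chosen for the example.

```python
"""Tiny stateful-firewall model for the DMZ web-server stance.

Constructed example only: it simulates rule evaluation, it does not
filter real packets. Networks and addresses are assumed values."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")        # assumed internal LAN
DMZ = ip_network("192.168.100.0/24")       # assumed DMZ segment
WEB = ip_address("192.168.100.10")         # assumed DMZ web server


class StatefulFirewall:
    """Rules apply to the first packet of a flow; later packets of an
    accepted flow (including the server's replies) pass by state."""

    def __init__(self):
        self.flows = set()   # 5-tuples of accepted flows

    def policy(self, src, dst, proto, dport):
        # Rule 1: anyone (Internet or internal) may open HTTP to the web server.
        if ip_address(dst) == WEB and proto == "tcp" and dport == 80:
            return True
        # Rule 2: the web server may initiate ping for troubleshooting, nothing else,
        # regardless of whether the destination is Internet or internal.
        if ip_address(src) == WEB:
            return proto == "icmp"
        # Rule 3: implicit cleanup rule, drop everything else.
        return False

    def packet(self, src, dst, proto, dport=0, sport=0):
        """Return True if the packet is forwarded, False if dropped."""
        key = (src, sport, dst, dport, proto)
        reverse = (dst, dport, src, sport, proto)
        if key in self.flows or reverse in self.flows:
            return True                      # belongs to an established flow
        if self.policy(src, dst, proto, dport):
            self.flows.add(key)              # new flow accepted by rule
            return True
        return False


def worm_contained():
    """Client request and its reply pass; outbound infection attempts fail."""
    fw = StatefulFirewall()
    client, victim, internal = "203.0.113.7", "203.0.113.5", "10.0.0.20"
    return {
        "client_request": fw.packet(client, str(WEB), "tcp", dport=80, sport=40000),
        "server_reply": fw.packet(str(WEB), client, "tcp", dport=40000, sport=80),
        "worm_to_internet": fw.packet(str(WEB), victim, "tcp", dport=80, sport=1025),
        "worm_to_internal": fw.packet(str(WEB), internal, "tcp", dport=80, sport=1026),
        "ping_allowed": fw.packet(str(WEB), victim, "icmp"),
    }
```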