| Author |
Message |
Leythos
Guest
|
 Posted:
Sun Jan 16, 2005 4:00 am Post subject:
Re: NT 4 server firewall? |
|
|
In article <41e96ed0$0$6216$e4fe514c@news.xs4all.nl>, bas.keur@dmrt.net
says...
| Quote: | Well, the sweat breaks on my back when i'm send out to `investigate`
a problem on those `appliance` boxes in most cases :)
(Note: Symantec SGS5400/Raptor, Nokia & FW1 boxes)
While people seem to be scared of *BSD in general, it's `REALLY`
simple when you need a firewall. Take my fav. OpenBSD's PF
http://www.openbsd.org/faq/pf/
http://www.google.com/bsd?q=pf.conf
What i like most in PF is it's flexability to at variables for anything you
whould want to `group`. What whould have been a ruleset of 12
pages suddely takes 1 page. Ahh the harmony.
But again, this is prob. just a case of personal flavor :)
|
The problem with a nix firewall running on BSD or any other variant is
that if you're not the one that installed it you don't know what else is
running on the machine unless you spend time reviewing the system. With
a firewall appliance you are almost certain to know what's installed and
running on it. Once you learn the product most of the other in the same
vendors line fall into place.
Don't get me wrong, I like the flexibility of an Open Source solution,
but I've also never found anything that I wanted to do that I could not
do with a WatchGuard Firebox II or III series unit.
--
--
spamfree999@rrohio.com
(Remove 999 to reply to me) |
|
| Back to top |
|
 |
John Mason Jr
Guest
|
| Posted:
Sun Jan 16, 2005 8:01 am Post subject:
Re: NT 4 server firewall? |
|
|
Leythos wrote:
| Quote: | In article <41e96ed0$0$6216$e4fe514c@news.xs4all.nl>, bas.keur@dmrt.net
says...
Well, the sweat breaks on my back when i'm send out to `investigate`
a problem on those `appliance` boxes in most cases :)
(Note: Symantec SGS5400/Raptor, Nokia & FW1 boxes)
While people seem to be scared of *BSD in general, it's `REALLY`
simple when you need a firewall. Take my fav. OpenBSD's PF
http://www.openbsd.org/faq/pf/
http://www.google.com/bsd?q=pf.conf
What i like most in PF is it's flexability to at variables for anything you
whould want to `group`. What whould have been a ruleset of 12
pages suddely takes 1 page. Ahh the harmony.
But again, this is prob. just a case of personal flavor :)
The problem with a nix firewall running on BSD or any other variant is
that if you're not the one that installed it you don't know what else is
running on the machine unless you spend time reviewing the system. With
a firewall appliance you are almost certain to know what's installed and
running on it. Once you learn the product most of the other in the same
vendors line fall into place.
|
If you don't install the firewall and pen test you are trusting whoever
did the configuration, regardless of whether it is a site built or an
appliance. Using a well established product should allow you to get
security in place quicker though and at a lower level of effort
| Quote: |
Don't get me wrong, I like the flexibility of an Open Source solution,
but I've also never found anything that I wanted to do that I could not
do with a WatchGuard Firebox II or III series unit.
|
I would agree except for the concept of isolating functions to minimize
potential flaws.
John |
|
| Back to top |
|
|
Larry KHAASS
Guest
|
| Posted:
Sun Jan 16, 2005 5:23 pm Post subject:
There cannot be an absence of moral content in American fore |
|
|
There cannot be an absence of moral content in American foreign policy...
CONDI: There cannot be an absence of moral content in American foreign
policy...
SHe is covering up the DIRT of Karl Rove's White House Murder Inc. "
The BIGGEST FREAKING LIARS THE WORLD HAS EVER KNOWN
ARE THESE BUNCH OF MURDERERS SITTING @ 1600 PENNSYLVANIA
AVENUE ; WASHINGTON DC. 20505. & DAMASCUS SYRIA.
THE LEBANESE KNOW BETTER THAN TO BELIEVE THESE KILLERS
WHO ARE BEST BUDDIES WITH THE SYRIANS SINCE THE 1960S.
In a time of universal deceit, telling the truth is a revolutionary act.!!!
George Orwell.
It's better to die on your feet, than to live on your knees - Emilio
Zapata.
Never doubt that a small group of thoughtful, committed citizens can
change the world. Indeed, it's the only thing that ever has. - - Margaret
Mead.
"Every single POLITICAL MURDER ASSASSINATION, is something that should upset
a World bound up in comfort and ready answers"
NEW INFOS. 2005 - INTELLIGENCIA SCOOP.
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=76
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=75
JAN., 2005- On September 15, 2001, just four days after the 9-11 attacks,
CIA Director George Tenet provided President [sic] Bush with a Top Secret
"Worldwide Attack Matrix"-a virtual license to kill targets deemed to be a
threat to the United States in some 80 countries around the world. The Tenet
plan, which was subsequently approved by Bush, essentially reversed the
executive orders of four previous U.S. administrations that expressly
prohibited political assassinations.
According to high level European intelligence officials, Bush's counselor,
Karl Rove, used the new presidential authority to silence a popular Lebanese
Christian politician who was planning to offer irrefutable evidence that
Israeli Prime Minister Ariel Sharon authorized the massacre of hundreds of
Palestinian men, women, and children in the Beirut refugee camps of Sabra
and Shatilla in 1982. In addition, Sharon provided the Lebanese forces who
carried out the grisly task. At the time of the massacres, Elie Hobeika was
intelligence chief of Lebanese Christian forces in Lebanon who were battling
Palestinians and other Muslim groups in a bloody civil war. He was also the
chief liaison to Israeli Defense Force (IDF) personnel in Lebanon. An
official Israeli inquiry into the massacre at the camps, the Kahan
Commission, merely found Sharon "indirectly" responsible for the slaughter
and fingered Hobeika as the chief instigator.
The Kahan Commission never called on Hobeika to offer testimony in his
defense. However, in response to charges brought against Sharon before a
special war crimes court in Belgium, Hobeika was urged to testify against
Sharon, according to well-informed Lebanese sources. Hobeika was prepared to
offer a different version of events than what was contained in the Kahan
report. A 1993 Belgian law permitting human rights prosecutions was unusual
in that non-Belgians could be tried for violations against other
non-Belgians in a Belgian court. Under pressure from the Bush
administration, the law was severely amended and the extra territoriality
provisions were curtailed.
Hobeika headed the Lebanese forces intelligence agency since the mid- 1970s
and he soon developed close ties to the CIA. He was a frequent visitor to
the CIA's headquarters at Langley, Virginia. After the Syrian invasion of
Lebanon in 1990, Hobeika held a number of cabinet positions in the Lebanese
government, a proxy for the Syrian occupation authorities. He also served in
the parliament. In July 2001, Hobeika called a press conference and
announced he was prepared to testify against Sharon in Belgium and revealed
that he had evidence of what actually occurred in Sabra and Shatilla.
Hobeika also indicated that Israel had flown members of the South Lebanon
Army (SLA) into Beirut International Airport in an Israeli Air Force C130
transport plane, in full view of dozens of witnesses, including members of
the Lebanese army and others. SLA troops under the command of Major Saad
Haddad were slipped into the camps to commit the massacres. The SLA troops
were under the direct command of Ariel Sharon and an Israeli Mossad agent
provocateur named Rafi Eitan. Hobeika offered evidence that a former U.S.
ambassador to Lebanon was aware of the Israeli plot. In addition, the IDF
had placed a camera in a strategic position to film the Sabra and Shatilla
massacres. Hobeika was going to ask that the footage be released as part of
the investigation of Sharon.
After announcing he was willing to testify against Sharon, Hobeika became
fearful for his safety and began moves to leave Lebanon. Hobeika was not
aware that his threats to testify against Sharon had triggered a series of
fateful events that reached well into the White House and Sharon's office.
On January 24, 2002, Hobeika's car was blown up by a remote controlled bomb
placed in a parked Mercedes along a street in the Hazmieh section of Beirut.
The bomb exploded when Hobeika and his three associates, Fares Souweidan,
Mitri Ajram, and Waleed Zein, were driving their Range Rover past the
TNT-laden Mercedes at 9:40 am Beirut time. The Range Rover's four passengers
were killed in the explosion. In case Hobeika's car had taken another route
through the neighborhood, two additional parked cars, located at two other
choke points, were also rigged with TNT. The powerful bomb wounded a number
of other people on the street. Other parked cars were destroyed and
buildings and homes were damaged. The Lebanese president, prime minister,
and interior minister all claimed that Israeli agents were behind the
attack.
It is noteworthy that the State Department's list of global terrorist
incidents for 2002 worldwide failed to list the car bombing attack on
Hobeika and his party. The White House wanted to ensure the attack was
censored from the report. The reason was simple: the attack ultimately had
Washington's fingerprints on it.
High level European intelligence sources now report that Karl Rove
personally coordinated Hobeika's assassination. The hit on Hobeika employed
Syrian intelligence agents. Syrian President Bashar Assad was trying to
curry favor with the Bush administration in the aftermath of 9-11 and was
more than willing to help the White House. In addition, Assad's father,
Hafez Assad, had been an ally of Bush's father during Desert Storm, a period
that saw Washington give a "wink and a nod" to Syria's occupation of
Lebanon. Rove wanted to help Sharon avoid any political embarrassment from
an in absentia trial in Brussels where Hobeika would be a star witness. Rove
and Sharon agreed on the plan to use Syrian Military Intelligence agents to
assassinate Hobeika. Rove saw Sharon as an indispensable ally of Bush in
ensuring the loyalty of the Christian evangelical and Jewish voting blocs in
the United States. Sharon saw the plan to have the United States coordinate
the hit as a way to mask all connections to Jerusalem.
The Syrian hit team was ordered by Assef Shawkat, the number two man in
Syrian military intelligence and a good friend and brother in law of Syrian
President Bashar Assad. Assad's intelligence services had already cooperated
with U.S. intelligence in resorting to unconventional methods to extract
information from al Qaeda detainees deported to Syria from the United States
and other countries in the wake of 9-11. The order to take out Hobeika was
transmitted by Shawkat to Roustom Ghazali, the head of Syrian military
intelligence in Beirut. Ghazali arranged for the three remote controlled
cars to be parked along Hobeika's route in Hazmieh; only few hundred yards
from the Barracks of Syrian Special Forces which are stationed in the area
near the Presidential palace , the ministry of Defense and various
Government and officers quarters . This particular area is covered 24/7 by a
very sophisticated USA multi-agency surveillance system to monitor Syrian
and Lebanese security activities and is a " Choice " area to live in for its
perceived high security, [Courtesy of the Special Collections Service.]
SCS...; CIA & NSA & DIA....etc.
The plan to kill Hobeika had all the necessary caveats and built-in denial
mechanisms. If the Syrians were discovered beforehand or afterwards, Karl
Rove and his associates in the Pentagon's Office of Special Plans, OSP;
& the VP's office would be ensured plausible deniability.
"The significance of this masterpiece is not only the divulsion of facts,
but the focus it's made on the covert cooperation between the parties who
are playing enemies.... " At the very Least in Lebanon since the 1970s...!!!
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=76
Hobeika's CIA intermediary in Beirut, a man only referred to as "Jason" by
Hobeika, was a frequent companion of the Lebanese politician during official
and off-duty hours. During Hobeika's election campaigns for his
parliamentary seat, Jason was often in Hobeika's office offering support and
advice. After Hobeika's assassination, Jason became despondent over the
death of his colleague. Eventually, Jason disappeared abruptly from Lebanon
and reportedly later emerged in Pakistan.
Karl Rove's involvement in the assassination of Hobeika may not have been
the last "hit" he ordered to help out Sharon. In March 2002, a few months
after Hobeika's assassination, another Lebanese Christian with knowledge of
Sharon's involvement in the Sabra and Shatilla massacres was gunned down
along with his wife in Sao Paulo, Brazil. A bullet fired at Michael Nassar's
car flattened one of his tires. Nassar pulled into a gasoline station for
repairs. A professional assassin, firing a gun with a silencer, shot Nassar
and his wife in the head, killing them both instantly. The assailant fled
and was never captured. Nassar was also involved with the Phalange militia
at Sabra and Shatilla. Nassar was also reportedly willing to testify against
Sharon in Belgium and, as a nephew of SLA Commander General Antoine Lahd,
may have had important evidence to bolster Hobeika's charge that Sharon
ordered SLA forces into the camps to wipe out the Palestinians.
Based on what European intelligence claims is concrete intelligence on
Rove's involvement in the assassination of Hobeika, the Bush administration
can now add political assassination to its laundry list of other misdeeds,
from lying about the reasons to go to war to the torture tactics in
violation of the Geneva Conventions that have been employed by the Pentagon
and "third country" nationals at prisons in Iraq and Guantanamo Bay.
Karl Rove's White House " Murder Inc. ".
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=71
Tensions in the Middle East have prompted public expressions of anti-U.S.
rhetoric and public sentiment. Events in past years in Lebanon, such as
bombings directed at U.S. franchises and the November 2002 murder of a U.S.
citizen in Sidon, underscore the need for caution and sound personal
security precautions. Anti-American demonstrations have occurred in the last
12 months in refugee camps, in the southern suburbs of Beirut and in Beirut
proper to protest U.S. foreign policy. In May 2004, an anti-government
demonstration in the southern suburbs of Beirut turned violent resulting in
the deaths of five demonstrators.
It is noteworthy that the State Department's list of global terrorist
incidents for 2002 worldwide failed to list the car bombing attack on
Hobeika and his party.... But Listed a small Hand Grenade thrown at
a U.S. franchise....? The White House wanted to ensure the attack was
censored from the report. The reason was simple: the attack ultimately had
Washington's fingerprints on it...Karl Rove's White House " Murder Inc."
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=71
This is some of the evidence for you and for the World ....
*******************************************************************************
~encrypted/logs/access ====>> INTELLIGENCE Agencies Servers footprints.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Not to mention hundreds of private companies and governments........!
....See Below :
*******************************************************************************
Lines 10-36 of my logfiles show a TREMENDOUS interest in this article:1052
# grep sid=1052 /encrypted/logs/access_log|awk '{print$1,$7}'|sed-n'10,36p'.
spb-213-33-248-190.sovintel.ru /modules.php?name=News&file=article&sid=1052
Soviet/RUSSIAN Intelligence services...
ext1.shape.nato.int /modules.php?name=News&file=article&sid=1052
NATO Intel.
server1.namsa.nato.int /modules.php?name=News&file=article&sid=1052
Nato Intel.
ns1.saclantc.nato.int /modules.php?name=News&file=article&sid=1052
Strategic Air Command US Intel.
bxlproxyb.europarl.eu.int /modules.php?name=News&file=article&sid=1052
European Parliament Intel. Unit
wdcsun18.usdoj.gov /modules.php?name=News&file=article&sid=1052
USA Department of Justice...
wdcsun21.usdoj.gov /modules.php?name=News&file=article&sid=1052
USA Department of Justice...
tcs-gateway11.treas.gov /modules.php?name=News&file=article&sid=1052
USA Treasury Department
tcs-gateway13.treas.gov /modules.php?name=News&file=article&sid=1052
USA Treasury Department
relay1.ucia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
relay2.cia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
relay2.ucia.gov /modules.php?name=News&file=article&sid=1052
CIA Langley
n021.dhs.gov /modules.php?name=News&file=article&sid=1052
USA Department of Homeland security Intel.
legion.dera.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
gateway-fincen.uscg.mil /modules.php?name=News&file=article&sid=1052
Pentagon US.
crawler2.googlebot.com /modules.php?name=News&file=article&sid=1052
Intel....
crawler1.googlebot.com /modules.php?name=News&file=article&sid=1052
Intel.....
gateway101.gsi.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
gate11-quantico.nmci.usmc.mil /modules.php?name=News&file=article&sid=1052
USA Marine Corps Quantico Virginia Intel.
gate13-quantico.nmci.usmc.mil /modules.php?name=News&file=article&sid=1052
USA Marine Corps Quantico Virginia Intel.
fw1-a.osis.gov /modules.php?name=News&file=article&sid=1052
US Intel SIS.
crawler13.googlebot.com /modules.php?name=News&file=article&sid=1052
Intel....
fw1-b.osis.gov /modules.php?name=News&file=article&sid=1052
US Intel. OSIS.
bouncer.nics.gov.uk /modules.php?name=News&file=article&sid=1052
British Intel.
beluha.ssu.gov.ua /modules.php?name=News&file=article&sid=1052
Ukrainian Intelligence.
zukprxpro02.zreo.compaq.com/modules.php?name=News&file=article&sid=1052....
Intel....
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=75
"The significance of this masterpiece is not only the divulsion of facts,
but the focus it's made on the covert cooperation between the parties who
are playing enemies.... " At the very Least in Lebanon since the 1970s...!!!
http://www.abcnorio.org/pcgi-bin/boards/housing/robboard.cgi?action=display&num=76
LIARS BOTH OF THEM ; LIARS BANADEEK TIMOURLANK THE KILLERS. |
|
| Back to top |
|
|
Leythos
Guest
|
| Posted:
Sun Jan 16, 2005 8:08 pm Post subject:
Re: NT 4 server firewall? |
|
|
In article <fXlGd.28686$jn.24751@lakeread06>, notvalid@cox.net.invalid
says...
| Quote: | Leythos wrote:
In article <41e96ed0$0$6216$e4fe514c@news.xs4all.nl>, bas.keur@dmrt.net
says...
Well, the sweat breaks on my back when i'm send out to `investigate`
a problem on those `appliance` boxes in most cases :)
(Note: Symantec SGS5400/Raptor, Nokia & FW1 boxes)
While people seem to be scared of *BSD in general, it's `REALLY`
simple when you need a firewall. Take my fav. OpenBSD's PF
http://www.openbsd.org/faq/pf/
http://www.google.com/bsd?q=pf.conf
What i like most in PF is it's flexability to at variables for anything you
whould want to `group`. What whould have been a ruleset of 12
pages suddely takes 1 page. Ahh the harmony.
But again, this is prob. just a case of personal flavor :)
The problem with a nix firewall running on BSD or any other variant is
that if you're not the one that installed it you don't know what else is
running on the machine unless you spend time reviewing the system. With
a firewall appliance you are almost certain to know what's installed and
running on it. Once you learn the product most of the other in the same
vendors line fall into place.
If you don't install the firewall and pen test you are trusting whoever
did the configuration, regardless of whether it is a site built or an
appliance. Using a well established product should allow you to get
security in place quicker though and at a lower level of effort
|
You said "Using a well established product should allow you to get
security in place quicker though and at a lower level of effort". for
most of us, that would be the typical appliance we're most comfortable
with as setting up a PC, OS, Firewall Rules, etc... takes more time than
setting up an appliance. The appliance also has less opportunity for
mistakes - compared to the OS firewall.
| Quote: | Don't get me wrong, I like the flexibility of an Open Source solution,
but I've also never found anything that I wanted to do that I could not
do with a WatchGuard Firebox II or III series unit.
I would agree except for the concept of isolating functions to minimize
potential flaws.
|
Since I don't trust the firewall to run on an application server I
isolate functions like SMTP, HTTP, FTP, etc.. via the firewall rules.
--
--
spamfree999@rrohio.com
(Remove 999 to reply to me) |
|
| Back to top |
|
|
By-Proxy
Guest
|
| Posted:
Mon Jan 17, 2005 1:46 am Post subject:
Re: NT 4 server firewall? |
|
|
zn <zn@zn122.edu.invalid> wrote in
news:Xns95DE93748F63znzn122eduinvalid@216.196.97.131:
| Quote: | Who makes software firewalls for Windows NT 4 Server? We are running
an Oracle database on it and want to give it further security. Are
there any quality freeware server firewall products for NT 4?
Thanks.
|
This guy is a twit. He thinks he knows more and better than his own Admin
staff. He also will not consider the move away from NT4. He wont listen to
sound advise from other employed proffesionals. He is paranoid about
protecting somthing on a system that is FULL of problems.
Get back into your ivory tower and worry about your own job and leave the
Admin stuff to people that are trained. People that work with these issues
daily and people that dont fly off with 1/2 cocked hair brained ideas every
time some new issue arises.
This is exactly the type of person I will NEVER work for. |
|
| Back to top |
|
|
zn
Guest
|
| Posted:
Mon Jan 17, 2005 2:59 am Post subject:
Re: NT 4 server firewall? |
|
|
"By-Proxy" <pipe@nowhere.com> wrote in
news:Xns95E149F564C48byProxy@203.16.214.244:
| Quote: | zn <zn@zn122.edu.invalid> wrote in
news:Xns95DE93748F63znzn122eduinvalid@216.196.97.131:
Who makes software firewalls for Windows NT 4 Server? We are running
an Oracle database on it and want to give it further security. Are
there any quality freeware server firewall products for NT 4?
Thanks.
This guy is a twit. He thinks he knows more and better than his own
Admin staff. He also will not consider the move away from NT4. He wont
|
Wrong. I am the systems admin. I'm well aware of the problems with NT 4
and support. I *inherited* this problem recently. But until the
replacement is funded, I need to do everything possible to keep it
secure.
listen to sound advise from other employed proffesionals. He is
| Quote: | paranoid about protecting somthing on a system that is FULL of
problems.
|
And if the system is full of problems -- all potentially originating over
the network -- and I'm aware of that, a stopgap solution is a software
firewall (on top of other security in place).
| Quote: | Get back into your ivory tower and worry about your own job and leave
the Admin stuff to people that are trained. People that work with
these issues daily and people that dont fly off with 1/2 cocked hair
brained ideas every time some new issue arises.
This is exactly the type of person I will NEVER work for.
|
I get a kick out of you anti-social jerks. You can't have a reasonable
conversation and have nothing better to do that pour out all your
accumulated life's rage into usenet. If you don't have anything
meaningful to add, don't post. |
|
| Back to top |
|
|
John Mason Jr
Guest
|
| Posted:
Mon Jan 17, 2005 3:12 am Post subject:
Re: NT 4 server firewall? |
|
|
Leythos wrote:
| Quote: | In article <fXlGd.28686$jn.24751@lakeread06>, notvalid@cox.net.invalid
says...
Leythos wrote:
In article <41e96ed0$0$6216$e4fe514c@news.xs4all.nl>, bas.keur@dmrt.net
says...
Well, the sweat breaks on my back when i'm send out to `investigate`
a problem on those `appliance` boxes in most cases :)
(Note: Symantec SGS5400/Raptor, Nokia & FW1 boxes)
While people seem to be scared of *BSD in general, it's `REALLY`
simple when you need a firewall. Take my fav. OpenBSD's PF
http://www.openbsd.org/faq/pf/
http://www.google.com/bsd?q=pf.conf
What i like most in PF is it's flexability to at variables for anything you
whould want to `group`. What whould have been a ruleset of 12
pages suddely takes 1 page. Ahh the harmony.
But again, this is prob. just a case of personal flavor :)
The problem with a nix firewall running on BSD or any other variant is
that if you're not the one that installed it you don't know what else is
running on the machine unless you spend time reviewing the system. With
a firewall appliance you are almost certain to know what's installed and
running on it. Once you learn the product most of the other in the same
vendors line fall into place.
If you don't install the firewall and pen test you are trusting whoever
did the configuration, regardless of whether it is a site built or an
appliance. Using a well established product should allow you to get
security in place quicker though and at a lower level of effort
You said "Using a well established product should allow you to get
security in place quicker though and at a lower level of effort". for
most of us, that would be the typical appliance we're most comfortable
with as setting up a PC, OS, Firewall Rules, etc... takes more time than
setting up an appliance. The appliance also has less opportunity for
mistakes - compared to the OS firewall.
|
I agree I was only making the point about trust, and that it must exist
in either solution unless you have the in house knowledge to build from
scratch. From a CYA point of view going with an appliance that is from a
company with a strong track record of security and support, is a no
brainer. But if your data is important don't put all the eggs in one
basket.
| Quote: |
Don't get me wrong, I like the flexibility of an Open Source solution,
but I've also never found anything that I wanted to do that I could not
do with a WatchGuard Firebox II or III series unit.
I would agree except for the concept of isolating functions to minimize
potential flaws.
Since I don't trust the firewall to run on an application server I
isolate functions like SMTP, HTTP, FTP, etc.. via the firewall rules.
|
I was referring to the continual addition of features to firewalls and
appliances. Makes me nervous as every increase in complexity adds
potential weaknesses
John |
|
| Back to top |
|
|
Greg Hennessy
Guest
|
| Posted:
Mon Jan 17, 2005 3:18 am Post subject:
Re: NT 4 server firewall? |
|
|
On 17 Jan 2005 07:16:14 +1050, "By-Proxy" <pipe@nowhere.com> wrote:
| Quote: |
This guy is a twit. He thinks he knows more and better than his own Admin
staff. He also will not consider the move away from NT4. He wont listen to
sound advise from other employed proffesionals.
|
Life in the real world is a mite more complicated than your mothers
basement son.
Have you even considered the notion that there may be no budget or other
sound business reasons why it cannot be touched ?
| Quote: | He is paranoid about
protecting somthing on a system that is FULL of problems.
|
He may have no choice in the matter.
A true professional will canvass opinion from his peers and seek to make
best use of the cards they've been dealt.
greg
--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone |
|
| Back to top |
|
|
Leythos
Guest
|
| Posted:
Mon Jan 17, 2005 3:26 am Post subject:
Re: NT 4 server firewall? |
|
|
In article <dFBGd.30337$jn.29287@lakeread06>, notvalid@cox.net.invalid
says...
| Quote: | I agree I was only making the point about trust, and that it must exist
in either solution unless you have the in house knowledge to build from
scratch. From a CYA point of view going with an appliance that is from a
company with a strong track record of security and support, is a no
brainer. But if your data is important don't put all the eggs in one
basket.
|
I don't, but there is little that you are going to do to protect an
Oracle server that a firewall appliance won't already handle. You need
data connections from some system to the server, from developers systems
to the server, you need remote access for management (as in TightVNC or
VNC) that you can limit from a couple locations - all of this is done by
the appliance. If you want to limit the outbound from the server it's
the same. If the server is setup properly then a personal firewall
solution is not going to help.
--
--
spamfree999@rrohio.com
(Remove 999 to reply to me) |
|
| Back to top |
|
|
Fidelio
Guest
|
| Posted:
Mon Jan 17, 2005 3:16 pm Post subject:
Re: NT 4 server firewall? |
|
|
ISA Server... from the maker of NT 4.
"zn" <zn@zn122.edu.invalid> escribió en el mensaje
news:Xns95DE93748F63znzn122eduinvalid@216.196.97.131...
| Quote: | Who makes software firewalls for Windows NT 4 Server? We are running an
Oracle database on it and want to give it further security. Are there any
quality freeware server firewall products for NT 4?
Thanks. |
|
|
| Back to top |
|
|
Wolfgang Ewert
Guest
|
| Posted:
Wed Jan 19, 2005 7:05 pm Post subject:
Re: NT 4 server firewall? |
|
|
Hallo "zn",
Wolfgang Kueter wrote:
| Quote: | zn wrote:
A firewall makes a computer less secure?????
|
It's a principle and there are several examples to demonstrate that.
| Quote: | That's news to me
OK.
OK. |
| Quote: | and everyone else out there.
No.
No. |
Wolfgang
--
Nirgendwo hängt der Schulerfolg so stark von Einkommen und Vorbildung
der Eltern ab wie in D'land. Das dt. Schulsystem versagt bei der
Förderung von Arbeiter- und Migrantenkindern. (dpa/FTD 22.11.04) |
|
| Back to top |
|
|
Wolfgang Ewert
Guest
|
| Posted:
Wed Jan 19, 2005 7:16 pm Post subject:
Re: NT 4 server firewall? |
|
|
Hallo zn, you wrote:
| Quote: | Wrong. I am the systems admin.
|
Oh, shit!
| Quote: | I'm well aware of the problems with NT 4
and support. I *inherited* this problem recently. But until the
replacement is funded, I need to do everything possible to keep it
secure.
|
The only and not well secure workaround in your situation:
Change and configure all the clients with access to the server that they
can't attack the vulnerable server.
If you can't trust some clients don't give them access to the server.
Wolfgang
--
Nirgendwo hängt der Schulerfolg so stark von Einkommen und Vorbildung
der Eltern ab wie in D'land. Das dt. Schulsystem versagt bei der
Förderung von Arbeiter- und Migrantenkindern. (dpa/FTD 22.11.04) |
|
| Back to top |
|
|
Alinator
Guest
|
| Posted:
Thu Jan 20, 2005 2:49 am Post subject:
Re: NT 4 server firewall? |
|
|
"zn" <zn@zn122.edu.invalid> wrote in message
news:Xns95DE93748F63znzn122eduinvalid@216.196.97.131...
| Quote: | Who makes software firewalls for Windows NT 4 Server? We are running an
Oracle database on it and want to give it further security. Are there any
quality freeware server firewall products for NT 4?
Thanks.
|
Well, you certain got a lot helpful opinions without an answer to your
question.
I run Sygate's SPF on an old NT 4 Server I have at home for experimenting
on. Don't seem to have much trouble with it.
Alinator |
|
| Back to top |
|
|
Lars M. Hansen
Guest
|
| Posted:
Thu Jan 20, 2005 4:53 am Post subject:
Re: NT 4 server firewall? |
|
|
On Wed, 19 Jan 2005 21:49:09 GMT, Alinator spoketh
| Quote: | on. Don't seem to have much trouble with it.
|
But does it actually protect something?
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address) |
|
| Back to top |
|
|
zn
Guest
|
| Posted:
Thu Jan 20, 2005 7:52 am Post subject:
Re: NT 4 server firewall? |
|
|
Lars M. Hansen <badnews@hansenonline.net> wrote in
news:mnstu0tuup7bj4ht15krv6c6c2hvi6q0te@4ax.com:
| Quote: | On Wed, 19 Jan 2005 21:49:09 GMT, Alinator spoketh
on. Don't seem to have much trouble with it.
But does it actually protect something?
|
Are you people dense? How can having an installed software firewall not
provide another layor of protection beyond network hardware-based
security??????? |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in