[SLUG] Re: Router -- defense-in-depth

From: Bryan J. Smith (b.j.smith@ieee.org)
Date: Mon Oct 11 2004 - 11:50:58 EDT


xcalibre wrote:
> free version of zonealarm will not work with linksys routers only the paid
> version has filtering to work with routers

Pete S. wrote:
> The free version would not allow for stateful packet monitoring from
> the Linksys router, but would allow the windows box to monitor all
> incoming, and outgoing software from the XP box, which is the system
> that may be compromised.

You should always pair individual host-based filtering and scanning with
a network-based filtering and scanning system.

Of course, it's easy to get overloaded with logs, activity reports,
etc... So you typically want something that offers auditing.

Typically a network IDS (on the firewall is good enough for SOHO/SMB)
combined with a centralized host auditing system (that reads and
interprets logs from individual hosts) is good enough.

Basic "defense-in-depth."

Also don't forget that various layers of your internal network should be
firewalled. That's one of the major reasons I _dislike_ ADS, because
the Kerberos Distribution Center (KDC aka "key server") is on the same
system that is running DCE-RPC and other CIFS/SMB services (as well as
DNS if you are using "proprietary" mode).

-- 
Bryan J. Smith                                  b.j.smith@ieee.org 
------------------------------------------------------------------ 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.


