Man gets nine years for spamming

Discussion in 'Computer Security' started by Jim Watt, Apr 9, 2005.

  1. Jim Watt

    Jim Watt Guest

    What about them? Who cares?

    I haven't got any customers there and don't want any.

    Unfortunately Russia is another matter, however the most
    crap I see comes from the US.

    Judging from the comments about identity theft the US lags
    behind the EU in data protection legislation too.
     
    Jim Watt, Apr 16, 2005
    #61

  2. Jim Watt

    Leythos Guest

    There are two things here:

    1) If I don't do business in a country there is no reason to provide them
    with access to my site.

    2) Black list anything you want as long as it doesn't interfere with your
    targeted audience.

    As I've said many times, I don't black list ALL foreign countries, just
    major parts of ones that have made repeated attempts to exploit a
    known/unknown flaw in a system exposed to the public.
    So, do you let Asian countries have access to your company LAN? Assuming
    you're smart and say no, the same reasoning applies to your DMZ - if you
    are not targeting them for your audience you should block them. It's
    always a good idea to restrict access from those that don't need it.

    Just because you/anyone has an internet connection does not entitle them
    to view a site/service because "you/anyone" wants to, it's the site owner
    that determines who/what can access their site/service.
     
    Leythos, Apr 16, 2005
    #62

  3. Jim Watt

    Jim Watt Guest

    You can safely assume I did that.
    Their TOS does cover "Inappropriate Content - Distribution of content
    which is inappropriate for its intended recipient."

    The board owner has indeed taken action to proactively respond;
    Javascript is now disabled in postings and the offensive poster gets a
    very special welcome message.

    I assume the idea of the postings was to promote the scummy
    website and to try and generate links to it in search engines
    indexing my site.

    So far porn free, time will tell.
     
    Jim Watt, Apr 16, 2005
    #63
  4. Here is the problem with blocklisting countries. I travel a lot. In fact we
    are in the age of International business (let's be honest it is a quest for
    cheap labor and manufacturing). I am your customer, I travel to Brazil,
    China or wherever for business. I use a local ISP and guess what? I can
    not contact you like I normally do. Even worse I can not get access to the
    resources I need. I am thousands of miles away to boot. PROBLEM!!! As a
    customer I say "what the hell" and go to another company that is "more
    professional". You should not blacklist countries because we live in a
    World economy and have business people who travel abroad frequently.

    Again, I do not and will not, blacklist countries. It is foolish when there
    are many techniques that are equally and significantly better.

    Read above. The "targeted audience" is everyone. Do you really want to
    shrink your targeted audience?
    The point I am making is that you do not need to. Run secure systems. Stay
    away from windows if possible to anything on your DMZ.
    No. DMZ resources do not equate to LAN resources. These are firewalled
    resources that do not reside on your internal LAN. Now I have seen in my time
    "potato head IT" shops that had a router with ACLS and static NAT entries
    to resources internal and claim it is a "DMZ". This type of setup DOES NOT
    have a DMZ.

    A DMZ is a construct consisting of a special LAN hanging off a firewall
    where the servers on the said LAN are allowed to receive Internet packets
    (new connections). The servers in the DMZ SHOULD NOT be dual homed back
    into the internal LAN (I see a lot of this mostly from Windows admins,
    sorry good windows guys). Furthermore, the DMZ LANs should be many. The
    servers are logically grouped per DMZ LAN. In other words web servers are
    located on DMZ LAN 1, Mail servers belong to DMZ LAN 2, etc, etc.

    Now here is the clincher. In a proper configuration, DMZ servers ARE NOT
    ALLOWED to connect to ANYTHING internal. The interface between internal pcs
    and servers to the DMZ is as restricted, almost to the same degree, as the
    interface from the Internet to the DMZ servers.

    Then construct your "services" to require a logon....

    The whole purpose of having a website is to allow anyone to view it. If you do
    not want people to view all or some of it, require a logon. As for email, I
    already told you the technique of blacklisting countries does not cut it
    for me. We work with people around the World. We have people constantly
    traveling around the World....I use other techniques that result in the
    same SPAM kill rate but WITHOUT using the "black list most of the World"
    technique.

    Again, if your technique works for you, use it. It does not matter to me. I
    just see it as unneeded overkill with the potential to needlessly piss
    off our sales people and potentially lose customers....

    Michael
     
    Michael Pelletier, Apr 16, 2005
    #64

  5. It is not only potential customers there but the business people who go
    there and use an ISP. What about those. Sorry but I am a professional. This
    type of solution is not. Again, if it works for you use it. It does not
    work for me...(read the comment I replied to in the same tree)
    Are you looking at the IP address of the SPAM or the spoofed "domain name"?

    Again I see, and log, from these countries: China, Brazil, E. Europe and US.
    All of these are on the top of the SPAM countries...
    Maybe (except California) but the EU does not actively pursue credit card
    theft. It is rampant in the EU...and nobody seems to do anything about it.

     
    Michael Pelletier, Apr 16, 2005
    #65
  6. Jim Watt

    Jim Watt Guest

    Mine use webmail on the corporate server.
    Oh wow, as I've told you before some of us have been doing
    these things for a living for some time.
    you mean those email addresses and domains are not real? oh wow again
    I never guessed :)
    Nonsense.
     
    Jim Watt, Apr 16, 2005
    #66
  7. Jim Watt

    Moe Trin Guest

    Actually, you don't have to move to "there". You can set up a shell
    company there, and spam your heart out with little chance of the
    chickens coming home to roost. The money is easily moved without
    difficulty. You could be an employee of a company registered in
    Liechtenstein or whatever, and they could be the nominal owner of the
    shell company in Brazil or whatever.

    [compton ~]$ grep BR IP.ADDR/stats/[ALR]*
    IP.ADDR/stats/AFRINIC:0
    IP.ADDR/stats/APNIC:0
    IP.ADDR/stats/ARIN:0
    IP.ADDR/stats/LACNIC:260
    IP.ADDR/stats/RIPE:0
    [compton ~]$ grep BR IP.ADDR/stats/LACNIC| cut -d' ' -f2 | cut -d'.' -f1 |
    sort -n | uniq -c | column
    1 139 1 147 1 157 38 192 1 206
    4 143 5 150 3 161 10 198
    1 144 2 152 2 164 185 200
    2 146 1 155 1 170 2 201
    [compton ~]$ grep BR IP.ADDR/stats/LACNIC | grep ' 139'
    BR 139.82.0.0 255.255.0.0 assigned
    [compton ~]$

    (The last command is there only to show the format of the file I'm using.)
    However, that doesn't catch "everyone", as several .us registered domains
    are providing service there too.
    Colombia - 95 allocations from LACNIC, a handful from .us ranges like
    Equant, or SpewU.net. Argentina - 228 allocations from LACNIC and
    similar handfuls from .us ranges. Eastern Europe? Define what you mean.
    Romania for example has 231 allocations from RIPE, but they're only in
    14 /8s, and the "bad guys" can be blocked with very few rules.
    The subject has been discussed thousands of times in many newsgroups. Heck,
    there's even a whole Usenet news group about blocklists

    news.admin.net-abuse.blocklisting Discussion of ip-based blocklisting.
    (Moderated)
    If the company isn't offering goods or services to country X, then there is
    no need to allow access from what is perceived to be country X. For a very
    recent discussion of pros/cons/opinions, see the thread "Why you have
    hardware firewalls" in comp.security.firewalls. The local Cadillac dealers
    spew from every radio and TV station in the local market - but they don't
    advertise in LAX, or Vegas, or Dallas. Why? You answer the obvious question.
    And before you say "that's different", think about it.
    There are situations where that might be appropriate. "Your servers, your
    rules" (which may also translate to "your decisions, your loss"). By the
    same token, there may be situations where other (or even no) filtering
    may be more desirable. See the book by John Madden (yes, that John Madden)
    titled "One Size Doesn't Fit All" (ISBN 0-394-56313-1, Villard Books 1988).
    I don't accept mail from 172.0.0.0/8. Why? Because the only two blocks
    assigned to that space belong to AOL, and AOL doesn't have their mail servers
    in that block (they are in 64.12.138.x).
    Then don't use it. But don't think that it might not be suitable (even
    "ideal") for others.

    Old guy
     
    Moe Trin, Apr 16, 2005
    #67
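
Added example, not part of Moe Trin's post: the post counts a country's allocations per first octet and notes that a country's ranges can be covered with few rules. The script below reproduces that count and collapses the allocations into the fewest CIDR blocks, using the `CC network netmask status` line format shown in the post. All sample rows except the 139.82.0.0 line are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Line format as quoted in the post:
#   CC network netmask status

# Constructed sample; only the first row appears in the post.
sample_stats() {
cat <<'EOF'
BR 139.82.0.0 255.255.0.0 assigned
BR 200.128.0.0 255.255.0.0 allocated
BR 200.129.0.0 255.255.0.0 allocated
BR 200.130.0.0 255.254.0.0 allocated
BR 200.17.0.0 255.255.255.0 assigned
AR 200.5.0.0 255.255.0.0 allocated
BR 200.20.1.0 255.255.254.0 assigned
EOF
}

# count_by_octet CC: allocations per first octet ("<count> <octet>" lines),
# the same tally the cut | sort -n | uniq -c pipeline in the post produces.
count_by_octet() {
    awk -v cc="$1" '$1 == cc { split($2, o, "."); n[o[1]]++ }
        END { for (k in n) print n[k], k }' | sort -k2,2n
}

# country_cidrs CC: aggregated CIDR blocks for one country, one per line.
# Lines with a non-contiguous mask or a misaligned network go to stderr.
country_cidrs() {
    awk -v cc="$1" '
    BEGIN { B[255]=8; B[254]=7; B[252]=6; B[248]=5; B[240]=4
            B[224]=3; B[192]=2; B[128]=1; B[0]=0 }
    # Netmask to prefix length; -1 if malformed or non-contiguous.
    function masklen(m,   o, i, plen, partial) {
        if (split(m, o, ".") != 4) return -1
        plen = 0; partial = 0
        for (i = 1; i <= 4; i++) {
            if (!(o[i] in B)) return -1
            if (partial && B[o[i]] > 0) return -1
            if (B[o[i]] < 8) partial = 1
            plen += B[o[i]]
        }
        return plen
    }
    # Dotted quad to a 32-bit number; -1 if malformed.
    function ip2n(ip,   o, i) {
        if (split(ip, o, ".") != 4) return -1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    $1 == cc {
        p = masklen($3); s = ip2n($2)
        if (p < 0 || s < 0 || s % (2 ^ (32 - p)) != 0) {
            print "skipped line " NR ": " $0 > "/dev/stderr"; next
        }
        printf "%.0f %d\n", s, p
    }' | sort -k1,1n -k2,2n | awk '
    function n2ip(n) {
        return int(n / 16777216) "." (int(n / 65536) % 256) "." \
               (int(n / 256) % 256) "." (n % 256)
    }
    {
        s = $1 + 0; p = $2 + 0
        # Sorted input: a block starting inside the previous one is covered.
        if (d > 0 && s < S[d] + 2 ^ (32 - P[d])) next
        d++; S[d] = s; P[d] = p
        # Merge siblings: same size, adjacent, aligned on the parent block.
        while (d > 1 && P[d] == P[d-1] && P[d] > 0 &&
               S[d-1] + 2 ^ (32 - P[d]) == S[d] &&
               S[d-1] % (2 ^ (33 - P[d])) == 0) {
            d--; P[d]--
        }
    }
    END { for (i = 1; i <= d; i++) print n2ip(S[i]) "/" P[i] }'
}

# Demo run on the constructed sample.
sample_stats | count_by_octet BR
sample_stats | country_cidrs BR
```

The misaligned constructed row (200.20.1.0 with a /23 mask) is reported on stderr rather than turned into a rule, since a block built from it would cover addresses the registry line does not describe.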
  8. That is pretty much what I meant...
    Sure. But you are missing the point. The point is, for me, blocking countries is
    like using a sledgehammer to kill a fly. Sure you will kill the fly sooner or
    later but, you will also probably break a lot of peripheral objects also. I
    prefer using a fly swatter...

    Not to mention the problem of traveling businessmen. We have people who
    travel the World 365 days a year....Country blacklisting causes more
    problems than it removes... especially where there are other techniques
    that give the same result.
    Sure. Again, I will not implement this when there are clearly better ways to
    achieve the same goal...
    Read my response I posted earlier. Maybe your company is small or has a small
    market. We are global. Most companies (even medium and some small) are
    going global...Your argument might have been valid some years ago, but the
    Internet, and how companies are being run now-a-days, has changed things.
    My company for example does a lot of business in China, South Korea and all
    of S. America...

    Now your example for the car dealership has valid points. However, it does
    not fit all business models...only small local companies.

    You are proving my point with respect to your car dealership. One size does
    not fit all. If you are a small (ie national) company sure, block entire
    countries. If you are a global company this technique is foolish when there
    are other ways to do that are equally effective.

    Let me give you an example that happened to me the other day. I got a phone
    call about a new company that we were looking to do business with. Now, I
    was out of the office. I have a Palm Treo 650. I sent them an email (using
    Hotmail) that never reached them.

    I thought to myself, you guys have to block entire domains in your email
    system? Not even taking into account that most of the SPAM will spoof email
    addresses from Hotmail and don't really come from them to begin with
    (currently not the same in the past). I thought how good is this company
    really? I scratched them off the list and went to the next company....

    The point I am making is this. For global companies you really do not want
    to piss off your potential customers or sales people. There are many
    techniques that will give you the same result without using a
    "sledgehammer"....
    I don't and won't. Your techniques are good for national companies really
    bad for global...

    Michael
     
    Michael Pelletier, Apr 17, 2005
    #68
  9. Microsoft based no doubt. I bet you even have your DMZ servers on the same
    authentication scheme as your internal clients...
    Most of us in fact...
    Jim, you were doing so well for some time. Then your lame sarcasm has reared
    its ugly head again...
    Look Jim, use whatever technique you want to use. I do not care....whatever
    works for you...

    Michael
     
    Michael Pelletier, Apr 17, 2005
    #69
  10. I know we all have got off topic a little but, I thought this was relevant:

    http://yro.slashdot.org/article.pl?sid=05/04/16/1729233&from=rss

    Michael
     
    Michael Pelletier, Apr 17, 2005
    #70
  11. Jim Watt

    Jim Watt Guest

    I always had trouble suffering fools gladly.
     
    Jim Watt, Apr 17, 2005
    #71
  12. Jim Watt

    Leythos Guest

    No, here's the problem - you seem to think that the world is your my
    market-place, but I seem to have a better understanding of my market-place
    and know where my customers and remote users are. If I understand what I
    just said, I can still block subnets in foreign countries and still allow
    remote connections from unblocked areas of those countries.

    Now, before you misunderstand again, since I only work with US customers,
    except for a couple places in India, I can safely block most foreign
    countries from my US based services, and it will not have ANY impact on my
    customers or my workers, even my workers that travel.

    Now, again, if I understand my target audience and have any clue about my
    own company and its resources, I can safely block non-needed access to my
    company without any problem.
    Read my reply to your complete misunderstanding of the reason for blocking
    - if you DO NOT PROVIDE SERVICE TO THOSE COUNTRIES you don't have any
    reason to provide access to your network from them. If your sales people
    don't travel to those countries you don't need to give them access from
    those countries either. What part are you unable to understand about this
    concept?

    There is NO SHRINKING of the target, you can't shrink the target audience
    if you didn't offer services to them to begin with.
    Windows has nothing to do with a secure/non-secure network, Windows
    servers are as simple to secure as any other server if you understand the
    OS. We've had public Windows servers running at fortune 500 companies for
    5+ years, running ASP and (not as long) .Net applications, without a
    single compromise.

    And the point you miss, another time, is that if you don't offer anything
    to country X, you don't need to provide access from country X to your
    network. This means that if I don't provide ANY services to country X,
    don't have business work in country X, don't have employees in country X,
    I can block that country WITHOUT ANY IMPACT on my business.
    You're not telling me anything new, I design secure networks for a living,
    ones that have passed Homeland Security audits, and the first rule of
    security is to limit access to resources to those users/systems that need
    access.
    You don't really understand the internet or business if you believe the
    above, and you don't do security work for a living either.

    The purpose of having a website is to allow your information to be
    provided to your target. The target can be as small as one user/system or
    as large as the world. Only the owner of the service has a right to
    suggest anything to the contrary.
    Wrong, since you don't offer services to the world, as is the case in my
    part of the discussion, there is no reason to require a user/system to
    LOGON to view the public information targeted to them - that's like asking
    me to logon to my cable TV before I can watch any TV.
    And I never suggested that it would work for you, I said, and you need to
    read this, I don't do business outside the US, Canada, GB, and India, we
    block anything we don't need once we see an attempt to break into the
    networks. This method does NOT IMPACT OUR BUSINESS.

    Also, this has nothing to do with any specific service, it's not about
    email or web or ftp, it's about the basics of security: If you don't need
    to provide access to something, don't provide access to it.
    And I didn't suggest that you needed to apply it to your organization. Our
    sales, customers, techs, business partners, etc... work with our systems
    and networks just fine, never a problem, and never a complaint. We don't
    provide services to the world, only a select portion of it, and we're very
    happy with that scope.

    What you should understand from all of this is that many businesses are
    not global, don't need to expose their resources to large areas of the
    world (geographically), and that basic security principles dictate that
    you only expose what is needed. You might want to analyze your business,
    where it's doing business/partners/support and determine if you really
    need to provide access from attacking networks in countries where you
    don't do business/etc.

    As I said before, been working with systems/computers since the 70's,
    doing networking and security for a long time, and never had a compromised
    system/network at any location. I'll stick with my methods and processes.
     
    Leythos, Apr 17, 2005
    #72
  13. Jim Watt

    Leythos Guest

    And this is your point of confusion - not anything is broken at any time
    if you understand the basics of your targets and your basic security
    principles. If you don't have a reason to provide service to country X (no
    reason at all), then you can safely block it. Notice, read it twice if you
    have to, I said "If you don't have a reason to provide service to country
    X then you can safely block it").

    If you have a reason to provide services to country X, then don't block
    it.

    The above are simple concepts, and they work for everyone.
    And the above two concepts (which are really just one concept) would apply
    to those sales people in your company as easily as they apply to anyone in
    my company - if you need to provide service to the world, then don't block
    anything, otherwise, if you're smart enough to know your targets, you can
    block without any issues.
    There is not a single technique that gives a better method than blocking -
    that's what firewalls are about. If I don't want the public to access my
    SQL server or my Oracle server I don't open those services through the
    firewall. If I don't want to expose my web-server to places I don't target
    then I block access from those locations. If I don't want email from
    China, directly from them, then I can block their networks from accessing
    my services.

    If you ever get into security or providing public services from networks,
    you would do well to learn what I've just said - only expose what you need
    to expose, nothing more.
     
    Leythos, Apr 17, 2005
    #73
  14. Jim Watt

    Moe Trin Guest

    No, you are misunderstanding my posts. I'm not showing what my company
    is doing (NDA and all that stuff). I do know about some of the blocks
    because I'm in network support, but I don't have access to the firewalls.
    What I do at home is quite different.
    You don't want to hear different - so be it.
    Read the thread in comp.security.firewalls, specifically my response to
    Leythos last Wednesday. You look up our company in ARIN or IANA, and the
    address is New York. You do a traceroute, and the last response you
    get is BBN in San Jose California. But I'm not there, and some of
    the subnets are in Europe, some in Japan, some in Argentina. But we can
    block (for example) China because communications from them go via the
    local company that we own there. You can do some neat things with DNS,
    you know. That helps, because I doubt that we have that many people in the
    states that are comfortable with Big5. Those dudes are in Shanghai or
    whatever it's called now, Beijing, Singapore and Hong Kong. Also, golly gee,
    we're in a different time zone. That's not the excuse for Central/South
    America, but they go through the reps down there, not here, on their local
    time, not ours. Lather, rinse, repeat. Or doesn't your company have
    facilities overseas?

    Do a read on news.admin.net-abuse.blocklisting a month or two ago. Some
    clowns were trying to get a block lifted on Singapore IP space that was
    used by American Express. I'm sure you've heard of them - registered in
    New York also. The IP space was assigned by APNIC to some crappy .sg ISP,
    and I suspect the posters were local employees of whoever is repping AmEx
    there. I recall one of the addresses they were bitching about did resolve
    (both ways) to an aexp.com name. A traceroute sure looked like .sg too.
    This is alt.computer.security - a lot of the readers are under a hundred
    million dollars in sales a year. I dunno about those Cadillac dealers,
    but I haven't seen their domain names in the news spool. But then, I'm
    sure I'm not the only one here who's not posting with a company address.
    Hotmail??? What an incredibly stupid thing to use for business. My
    management would go absolutely ballistic if I tried to conduct business
    and failed to use the company mail servers. It really doesn't inspire
    confidence to see a hotmail or similar used as part of company business.
    Not in the office? Tunnel in. Period. If your network people can't figure
    out how to make such a tunnel, whether from Starbux, or the hospitality
    suite at some airport, or some shitty two line ISP in a sixth world country
    in the middle of Southeast Nowhere, or can't figure out a means of securely
    authenticating and encrypting the tunnel, they _REALLY_ shouldn't be in
    the business. I certainly don't want to do business with a company that
    incompetent.
    I'm not the mail king, and I really don't know all of the blocks that are
    in place (I know about AOL, and a few others, because I helped the poor
    sod who is the mail king in identifying some of the hosts). My home
    address is a random character string (I used /dev/random piped through
    uuencode when I opened the account - the expression of the salesdroid
    when I explained what I was doing must have been priceless), and it's not
    used for mail other than to receive the monthly invoice from the ISP. They
    also give me up to five additional account names for mail, and I can change
    them freely (which I do on an average of once a quarter). The only people
    who know those are family and friends. Other than that, I don't do
    email - as the headers show.

    Old guy
     
    Moe Trin, Apr 18, 2005
    #74
  15. Jim Watt

    Leythos Guest

    OG, I'm starting to suspect he's not really a technical type, more of a
    some-day-hopeful. As I see it, almost every company I know, and all of
    them we've setup, have Web access to their email, including access via
    their cell phones, PDA Cells, BlackBerrys, etc....

    He keeps coming up with reasons to not block a network, but he's not
    addressing the issues that were presented at the start of the discussion,
    and he fails to understand that the proper way to secure a network is to
    restrict access to only those that need it.
     
    Leythos, Apr 18, 2005
    #75
  16. Jim Watt

    Moe Trin Guest

    I still can't get over this one. In the 15+ years that I've had external
    email, I have NEVER seen a reputable company using anything other than
    their own mail systems. Flat out NEVER! Heck, even my neighbor's teenage
    son who's operating a bicycle repair service out of the third bay of
    the family garage even knows that - has his own domain, and even provides
    bills on a presentable letterhead. I don't think he's out of high school yet.
    I don't think we've ever had web access. In the late '80s, once we got
    access to DARPANET, we had some horrible application - don't even remember
    the program name - that ran under DOS that you basically used for terminal
    access. That lasted until about 1992, when we got an application that ran
    under 4BSD, AIX, and SunOS over the net. It was basically a form of
    encrypted telnet with passwords changing weekly, then your session was
    further encrypted with a personal key once you logged in. If you were
    coming in over the Internet (and in 1992, that wasn't all that common),
    you connected to a bastion host, and after authentication there, got to
    connect to an inner server where you logged in and actually did stuff. It
    was _SLOOOOOOOOOWWW_!!! The company backbone then was a 56k link, and all
    of the local sites were running 10MB Ethernet. Our connections to the
    world (we had 3 that I was aware of) were also 56K links. When we finally
    got a T1, we were amazed. Almost like "local" performance. I don't know
    what the backbone is now, but last week I was stealing lots of CPU cycles
    for the accounting division (it's tax time) from servers in France, Japan,
    New York, and California depending on local time of day.
    Access to a network isn't all of it. Everything that is publicly accessible
    on our nets are in the DMZ, or locally operated DMZs in overseas facilities.
    That includes mail in/out, web servers, ftp, and such. There is no access
    to ANY internal network, and that includes name-service to resolve internal
    subnet hostnames. For that matter, there is no access _from_ the DMZ into the
    internal network - only access from internal _to_ the DMZ. Our remote access
    from the world isn't even on our /8, which does make it harder to hack in.
    It's slightly slower, but it's not like we have people running remote X at
    1600x1280x76 through a tunnel.

    Old guy
     
    Moe Trin, Apr 19, 2005
    #76
  17. You did not read what I said, I was sending a question to a company. I was
    logged into hotmail on my PALM. I was not at home, I was in a cafe...
    No shit really? You should ask questions before you
    judge..."some-day-hopeful"? maybe you...

    Idiot! The point is we are a global company! Explain to me this. our sales
    people quite often go to China, S. Korea all over S. America. As you know
    sales people hand the cards out to everyone they can. Should I have
    them include a warning that they can only email our sales people after they
    have sent snail mail to me to unblock their IP address? Ya, that would work
    really well. In fact I can see the business card now:

    Mr. Brown VP Sales
    Email:
    (Please if you are not in the US send regular mail to IT team because they
    are too lame to figure out a way to limit/stop SPAM. And currently they are
    blocking your company)

    You sound more like the "some-day-hopeful" to me...


    Michael
     
    Michael Pelletier, Apr 23, 2005
    #77
  18. Gee, thanks for the advice I've only been doing for quite some time but, I
    really appreciate your security 101 lesson. Really, I do.

    A couple of flaws in your argument
    1) SPAM is not a SECURITY issue. It is a nuisance. Not counting SPAM that
    are phishing. Now don't say emailed viruses are SPAM because everyone
    filters incoming email to remove Defanged MIME attachments and dangerous
    file types. I am sure, rather hope, you have some sort of filtering of your
    incoming email...
    2) You seem to not be able to comprehend that not everyone has the same
    business model as you. You may be able to block countries, but I can not.
    Why you ask, I will tell you:

    For the last time, we have sales people. They travel a lot. In fact most
    have a 80% road time to 20 % office time. Most travel overseas. Their
    travel includes but, is not limited to, China, S Korea and most of S.
    America. What do sales people do when they travel. They sell. They hand out
    their business cards to anyone that will take it.
    So what do you do? Do you include a disclaimer on your business cards that
    reads "If you come from these countries, CHINA, Etc, ETC, sorry we do not
    accept email from you."
    Do you really think that is a good idea?
    3) Why should I block email from various countries because of SPAM when I
    can accurately nuke it? You guys have never answered this question yet.
    Instead you give me incorrect statements about security when SPAM is not
    equated to security (minus phishing). Then, you say I do not know security.
    Nice try, but I think you should at least know what the hell you are
    talking about first. I am starting to think you are just another blowhard
    wannabe.

    Michael
     
    Michael Pelletier, Apr 23, 2005
    #78
  19. Sure.
    The part you do not get, is that fact that business people try to build
    contacts. In fact, if you are a sales person that does not try to build
    contacts you will not be a sales person for much longer.

    Here is the point (actually one of the reasons I do not block like that).
    Our sales people will try to get new accounts which means they will hand
    out business cards. Considering they do most of their business overseas,
    that means that you can not know all of the potential people who will be
    using our email system to contact our sales people. God damn it why the
    hell is this concept so f'n difficult for you people to
    grasp???????????????????
    If your business is static then you are correct; ours is not. So therefore
    you are wrong. Read above.
    Well, good luck to ya. I personally never use Windows in a DMZ environment.
    While working for the government I would have been laughed at if I even
    tried to suggest it. Then again, it was a high research organization.
    Different philosophies perhaps...
    Didn't we already address this? You may work for a company whose business is
    static. Cool. I do not. At any given time we could get a new customer or a
    question about services. They could come from anywhere. As you can see, in
    our environment blocking is not the way to go.

    Forget for a minute about the company I work at. I have posted this question
    many, many, times and no one seems to be able to answer it. Why should I
    block when I can achieve almost exactly the same SPAM kill percentage? Why?
    Please don't say something lame about security we are talking about one
    port (25) access. There has not been a security breach in sendmail in quite
    some time. Even if there was, the way viruses and worms travel it would not
    make much of a difference...so answer the question
    Again, read my situation with sales people. You do not know business...
     
    Michael Pelletier, Apr 23, 2005
    #79
  20. Maybe you misunderstood my original post. Maybe I did not explain it clearly
    for you. First no, I do not work for a company that uses HOTMAIL. I need to
    email a question to a possible vendor. I was in a cafe. I had my Palm Treo.
    I was already logged into hotmail at the time. So I created an email and
    sent my question on pricing to them. Get it now?????????
    I remember going from a 56k frame relay to 512. I thought I was in
    heaven :). Now, we have 100Mb FastE (it really is a Sonet transport with a
    100Mb FastE handoff) links within the city I work. How things change so
    fast...Now VoIP...
    Nice setup...

    I run all FreeBSD servers in the DMZs. Each server is stripped down to the
    barebones. Only what is needed to perform the task the server does is
    allowed on. Each service within each server is run in a jailed environment.
    We have 12 DMZ interfaces. Each DMZ performs a logical task. I.E. Email
    gateways are in one DMZ, Web servers another DMZ, etc, etc. All access is
    one-way (from the intranet to the DMZ) except email (which is allowed to
    forward to the internal email servers) and syslog which is allowed to also
    forward syslog messages to an internal server. I have Snort boxes on all of
    the DMZs and in between the Internet routers (using BGP) and the first
    firewall. Each Snort box has a local firewall and blocks every packet from
    the bridging layer up on the "listening" interface. They all have their
    reporting interface connect to a special DMZ that my internal system
    monitor polls to....and so on and so on...


    Take care, nice talking with someone who really knows security as opposed to
    wannabes...

    Michael
     
    Michael Pelletier, Apr 23, 2005
    #80
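
Added example, not part of the post above: a check of exported firewall allow-rules against the one-way DMZ policy described in the thread (the Internet and the intranet may reach the DMZ; the DMZ may reach inside only for mail relay and syslog). The zone names, host names and the five-column rule format are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed rule format, one allow-rule
# per line:  src_zone dst_zone dst_host proto port

# Constructed rule export with three deliberate policy violations.
sample_rules() {
cat <<'EOF'
# public services and inside-out administration
inet dmz-web www1 tcp 80
inet dmz-mail mx1 tcp 25
lan dmz-web www1 tcp 22

# the two permitted DMZ-to-inside flows
dmz-mail lan mailstore tcp 25
dmz-web lan loghost udp 514

dmz-web lan db1 tcp 1433
inet lan fileserver tcp 445
dmz-mail lan mailstore tcp 143
EOF
}

# audit_dmz_rules [MAIL_HOST] [LOG_HOST]: print each rule that breaks policy.
#   inet  -> dmz-*  allowed (public services)
#   lan   -> dmz-*  allowed (one-way access from inside)
#   dmz-* -> lan    denied, except dmz-mail to MAIL_HOST on tcp/25
#                   and any DMZ host to LOG_HOST on udp/514
#   inet  -> lan    denied always
audit_dmz_rules() {
    awk -v mail="${1:-mailstore}" -v logh="${2:-loghost}" '
    NF == 0 || /^#/ { next }
    NF != 5 { print "MALFORMED: " $0; next }
    { src = $1; dst = $2; host = $3; proto = $4; port = $5 + 0 }
    src == "inet" && dst == "lan" { print "INET-TO-LAN: " $0; next }
    src ~ /^dmz-/ && dst == "lan" {
        if (src == "dmz-mail" && host == mail && proto == "tcp" && port == 25)
            next
        if (host == logh && proto == "udp" && port == 514)
            next
        print "DMZ-TO-LAN: " $0
    }'
}

# Demo run on the constructed export.
sample_rules | audit_dmz_rules
```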