• 04/28/2003
    5:56 PM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Don't Panic. Plan

Connecting to the Internet means exposing your network to attackers, from script kiddies to skilled black hats. But the situation is not as dire as you might believe. We consulted

Ninety-six percent of those polled say full disclosure serves as a check and balance to vendors, which otherwise wouldn't fess up to security vulnerabilities. The famous tagline used by L0pht Heavy Industries, now @Stake, "Making the theoretical practical since 1992," was in direct response to Microsoft, which had stated that a vulnerability was highly theoretical. Now, that doesn't mean vendors should be surprised by vulnerabilities announced on public lists. Many researchers notify vendors about security problems and work with them until a solution is found, and many vendors have programs in place to support vulnerability reporting. As long as researchers and vendors work together, the Internet community is served. Full disclosure works. Before you start throwing stones at neighbors with vulnerable networks, take a good look at your own network. Traffic flows are two-way streets and screwed-up configurations affect systems near and far. It takes a village to raze a network.

In some cases, you may have to get your service provider to make configuration changes for you. It's worth the hassle--the more relatively minor misconfigurations get fixed, the better off everyone will be. In no particular order, here's a checklist to get you started:

• Filter outbound traffic: If the firewall is blocking only inbound traffic, you're using only half its capabilities. Start identifying necessary outbound traffic and disallowing everything else. Doing so makes getting data through the firewall more difficult.

• Filter your egress: Your organization should know what subnets are hosted on the network. Allowing only traffic originating from those subnets to traverse the border router or firewall prevents traffic with spoofed source addresses from passing. Enable antispoofing at the router.

• Disable directed broadcasts: Directed broadcasts are a side effect of networking. Send an ICMP Echo Request to a network broadcast address, and all available hosts will respond. There is little need to allow directed broadcasts--or any from from foreign networks. Disable directed broadcasts at the router.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments