NFR Wizards Archive: Opinions requested

Opinions requested


Moore, James (James.Mooreums.msfc.nasa.gov)
Mon, 14 Jun 1999 15:04:03 -0500


I've recently connected a small LAN to the Internet via cable modem. I'm
using a product called WinProxy (www.winproxy.net, not the Ositis
WinProxy... or are they the same?), that claims to be a combination
firewall/proxy. The WinProxy host is an NT box configured as follows:

* 2 NICs: one to the Internet, the other to my private LAN
(192.168.x.y)
* a webserver (Netscape) answering on port 80 on the external NIC
* no other network apps installed on WinProxy host
* the NT box is secured iaw most of the current "best practices"
(guest acct disabled, etc)

All of the internal hosts use socks5 (we use the socks client from NEC) for
allowed services (mail, telnet, ftp, http). All internal hosts have private
IP addresses (192.168.x.y). All internal machines are Win NT (one Linux box
we're evaluating); the only security requirement on them now is passwords
must be at least 7 chars.

I know this isn't the most secure setup, but I am interested in any informed
opinions wrt specific vulnerabilities of the WinProxy product in particular,
and this proxy/firewall configuration in general.

My primary concern is protection of the internal machines... is it
realistically possible for a host on the Internet to get through the proxy
server and connect to one of the hosts on our private LAN? The WinProxy host
itself is expendable, but the others must be protected against unauthorized
access.

Finally, while information on theoretical vulnerabilities would be
appreciated, I'm more interested in the practical; i.e. "yeah, go to
www.hackerfromhell.com, and see the pork_proxy script". Any suggestions on
improving and/or monitoring the security of this setup would also be much
appreciated.

Thanks,
Jim Moore



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:00 CDT