[AccessD] OT: DSL/IIS/Viruses

Frank Tanner III pctech at mybellybutton.com
Fri May 23 10:20:27 CDT 2003


The IIS "viruses" are specifically why I run Apache
for my web server.  There are viruses for it, but
they're ALOT less common.

Actually, a wireless LAN can be just as safe as a
wired one, if you take the time to do it properly.

Yes, the "software" firewalls that are commercially
available are much more problematic than they're
worth.  PLUS you have the added hassle of there still
being holes in the underlying OS that they're running
on.  Any firewall is only as secure as the OS that
runs it.  Whether it be Windows, Linux, BSD, OS/2,
whatever.  The "hardwires" and wireless routers that
have a built-in firewall are perfectly fine for MOST
people.  However, they do not support DMZs.  Therefore
they're not advisable to use to run your public
servers.  You'd be stuck with one of two choices. 
Your public servers would be outside the firewall and
extremely vulnerable to everything that came down the
pipe.  Or your public servers would be behind the
firewall, so you'd open up the holes for that possible
attack, as well as your LAN would be wide open to
anyone that can exploit the server itself once they're
one it.  Once they have an open access behind your
firewall, they own your LAN, just as if you didn't
have one.

--- John Frederick <j.frederick at att.net> wrote:
> 1.  Concerning the wireless vs. wired lan, I
> wouldn't expect wireless to be
> any safer.
> 2.  The IIS viruses are a different breed from the
> email viruses.  I assume
> I got my IIS ones from these programs that are
> constantly searching for web
> servers.  During the time I was on-line getting my
> email or browsing, I
> looked like a wide-open web server.
> 3.  A firewall doesn't have to be a big project. 
> I'm told that there are
> low cost lan routers that include a firewall
> function.  You connect the DSL
> modem through that function.  I can testify that the
> software firewalls on
> each machine interfere with many of the programs
> that otherwise operate
> across your lan.
> 
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com]On
> Behalf Of Jim DeMarco
> Sent: Friday, May 23, 2003 9:45 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> 
> 
> What about running it on another machine on my
> (wireless) network that's not
> directly connected to my DSL modem but has Internet
> access via that
> connection?  Is that any safer?
> 
> Jim DeMarco
> 
> 
> -----Original Message-----
> From: Frank Tanner III
> [mailto:pctech at mybellybutton.com]
> Sent: Friday, May 23, 2003 9:29 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> 
> 
> Personally, I wouldn't run ANY public accessable
> services on my LAN.  There is a MUCH safer way to do
> it, but it isn't super cheap.
> 
> I have a custom built firewall, which I run at home.
> The "public" side of it connects directly to my
> Internet connection, in this case a 1Mbit VDSL
> connection.  Then I have a "private" side, which
> connects to my LAN, and has my strict firewall
> rules.
> Only what I want gets in and out.  Lastly, I have a
> "DMZ".  This is where I place my publicly accessable
> machines.  It is still firewalled, but not as
> stringently as the LAN side, since the public needs
> to
> hit it.  Even in this DMZ I only let through the
> ports
> I absolutely need to.  Such as 80 & 443 for Web, 25
> &
> 110 for e-mail, etc.  My LAN is also firewalled from
> my DMZ in this configuration except for what's
> absolutely needed.
> 
> In this confugiration, unless I specifically open an
> e-mail with a virus attached, or something silly
> like
> that, I'm about as safe as one can get from "the big
> bad Internet".  The worst that can happen is that
> there is an exploit for one of my publicly
> accessable
> boxes and they get compromised.  My LAN is still
> safe.
> 
> As a side note, my firewall, web server, and e-mail
> server are all running Linix or FreeBSD.  This makes
> them less succeptable to all of the more common
> attacks that the "script kiddies" like to use. 
> About
> 80% of the attacks and defacements on publicly
> accessable servers are done by "script kiddies".  An
> added benifit is that IIS specific exploits have no
> affect other than to fill my logs, which archive and
> rotate off daily.
> 
> Is this a bit excessive, since I don't run a
> business
> out of my home?  Yeah, it is.  But there's no such
> thing as too much security.
> 
> --- John Frederick <j.frederick at att.net> wrote:
> > Yes, it is necessary.  When I started doing .asp
> on
> > the same machine I used
> > to dial-up to get email, I got, over some period
> of
> > time, about a dozen
> > different viruses, some of which propagated
> through
> > my lan to other
> > machines.  If you can't block the access from the
> > net to your machines, you
> > need to either use a firewall or disconnect the
> pws
> > machine from the lan.
> >
> > P.S.: If you put firewalls, such as Norton or
> McAfee
> > on your machines, you
> > can ask to be warned and have a change to say ok
> or
> > no when a program tries
> > to access another machine or the net.  You'll be
> > amazed about how many
> > Microsoft and other vendow programs do so for no
> > reason related to your
> > current operation in progress.  If you're not
> > already paranoid, that will
> > make you so.
> >
> > -----Original Message-----
> > From: accessd-bounces at databaseadvisors.com
> > [mailto:accessd-bounces at databaseadvisors.com]On
> > Behalf Of Jim DeMarco
> > Sent: Friday, May 23, 2003 8:03 AM
> > To: AccessD (E-mail)
> > Subject: [AccessD] OT: DSL/IIS/Viruses
> >
> >
> > List,
> >
> > A while back I got a DSL connection on my home
> > office PC which I
> > occasionally use for web development using
> Personal
> > Web Server (Win 9x/ME
> > version of IIS).  I was advised by our staff
> network
> > person NOT to run PWS
> > after the DSL was up because I'd be succeptable to
> > attacks and viruses.
> > Does anyone know if this is true?  I have not run
> > PWS in a couple of months
> > and have been using a disconnected laptop to write
> > ASP code but I'm
> > wondering if this is necessary.  Would I need to
> > install a firewall if I
> > want to run PWS?
> >
> > Thanks,
> >
> > Jim DeMarco
> >
> >
> >
>
****************************************************************************
> > *******
> > "This electronic message is intended to be for the
> > use only of the named
> > recipient, and may contain information from Hudson
> > Health Plan (HHP) that is
> > confidential or privileged.  If you are not the
> > intended recipient, you are
> > hereby notified that any disclosure, copying,
> > distribution or use of the
> > contents of this message is strictly prohibited. 
> If
> > you have received this
> > message in error or are not the named recipient,
> > please notify us
> > immediately, either by contacting the sender at
> the
> > electronic mail address
> > noted above or calling HHP at (914) 631-1611. If
> you
> > are not the intended
> > recipient, please do not forward this email to
> > anyone, and delete and
> > destroy all copies of this message.  Thank You".
> >
>
****************************************************************************
> > *******
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> >
> http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> >
> http://databaseadvisors.com/mailman/listinfo/accessd
> 
=== message truncated ===



More information about the AccessD mailing list