Search This Blog

Saturday, April 27, 2013

firewall-wizards Digest, Vol 64, Issue 16

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Linked-in and its Phishing-like contacts option!
(Bennett Todd)
2. Re: Linked-in and its Phishing-like contacts option!
(Bennett Todd)
3. Re: Linked-in and its Phishing-like contacts option! (Jim Seymour)
4. Re: Linked-in and its Phishing-like contacts option!
(Gautier . Rich)
5. Re: Linked-in and its Phishing-like contacts option!
(Marcus Ranum)


----------------------------------------------------------------------

Message: 1
Date: Fri, 26 Apr 2013 12:35:21 -0400
From: Bennett Todd <bet@rahul.net>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: mjr@ranum.com
Cc: firewall-wizards@listserv.icsalabs.com
Message-ID:
<CAA9gXs8axh9cKKj8ThGzeFWXADLHvZWOOafxDFDfSQmva=ZCqQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On Apr 26, 2013 10:44 AM, "Marcus Ranum" <mjr@ranum.com> wrote:
>
> Bennett Todd wrote:
>> If user operational security was adequate, we could retire our firewalls
> Software flaws.

For myself, I prefer using software that's sufficiently simple, or widely
scrutinized, that it's not an easy target for an unskilled thug with little
incentive.

I'm happy to keep everything on systems patched up, for all my users.

But they invariably choose to use systems that have never been nor will
ever be secure, due to their complexity.

I think MIME represented a landmark, tragic fall we'll never recover from.

Unwise or imprudent folk have always dabbled with file formats that
embedded programming languages, but they used to have to at least try some
social engineering to fool their victims into running their intrusions. But
MIME made it too easy to automate any manual intervention out of existence.

So, I agree, software flaws, where the root flaw happens early in the
design process, in the problem specification, deciding to solve "problems"
that were in fact features.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130426/b3bb9b1c/attachment-0001.html>

------------------------------

Message: 2
Date: Fri, 26 Apr 2013 12:52:17 -0400
From: Bennett Todd <bet@rahul.net>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAA9gXs_mb-P+kUR8EQeaBrJnWENpKY2=5FJqtfMz2QU1ZQ2Orw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

> Turning off webmail access? How would one accomplish that, exactly,
> without essentially turning off web access entirely?

If you set your sights on 100% perfection, it won't happen.

But, if you make your goal to probabilistically interfere enough that users
complain, so you can explain the issue, shop for kit from the firms that
are favored by exceedingly wealthy brutal dictators, their goals have a lot
of overlap with any conscientious BOFH.

Another customer class is companies subject to insider trading regulation.
They shop in the same store.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130426/db3acba1/attachment-0001.html>

------------------------------

Message: 3
Date: Fri, 26 Apr 2013 12:15:01 -0400
From: Jim Seymour <jseymour@LinxNet.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <20130426121501.69f93f81@win0091>
Content-Type: text/plain; charset=US-ASCII

On Fri, 26 Apr 2013 11:38:48 -0400
Jim Seymour <jseymour@LinxNet.com> wrote:

[snip]
> As for LinkedIn: I've received so many LinkedIn emails reported as
> spam at work that they've occasionally been there.
[snip]

*sigh* That was supposed to read "been _blocked_ there."

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.


------------------------------

Message: 4
Date: Fri, 26 Apr 2013 16:51:37 +0000
From: "Gautier . Rich" <RGautier@drc.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <F353AE63105F5A40926680302798F42877A36101@EXMB01.drc.com>
Content-Type: text/plain; charset="iso-8859-1"

Yes, that's what I meant...turn off Webmail access entirely - I was mostly kidding - but if it's something that you can afford to do [users all have working VPNs, e.g.] - it would reduce a great deal of risk. ;)
Oh, and can that guy who gave the "God, whatever you do, don't fire your network geek" speech please come and give a motivational speech here?

Richard Gautier, CISSP
Enterprise Architect, Federal Group

650 Massachusetts Avenue NW
Suite 510
Washington, DC 20001
Office: (571) 226-8828 | Cell: (703) 231-2156
rgautier@drc.com | www.drc.com


-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Jim Seymour
Sent: Friday, April 26, 2013 11:39 AM
To: firewall-wizards@listserv.icsalabs.com
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!

On Wed, 24 Apr 2013 19:26:01 +0000
"Gautier . Rich" <RGautier@drc.com> wrote:

> Thoughts? I'm wondering why User Operational Security falls under the
> realm of Firewall Wizards..

I think of it this way: Firewall security, in and of itself, doesn't get the job done. You may have the most bullet-proof border the world has ever seen, but, unless that bullet-proof-ness means essentially blocking everything, both incoming and outgoing, it will not be enough. A layered defense is mandatory. One of those layers is end-user operational security.

Our goal is to protect the organizational jewels, no?

Besides: We've pretty-much beaten stateful/deep-packet inspection vs.
application proxy to death, no? :)

> ... plenty of users seem to
> be perfectly willing to accept the risk (or be unaware of it).

Both, IME.

> However, not much you can do on the firewall side other than turning
> off webmail access...

Turning off webmail access? How would one accomplish that, exactly, without essentially turning off web access entirely?

As for LinkedIn: I've received so many LinkedIn emails reported as spam at work that they've occasionally been there. I may have them listed on my mailserver at home, for the same reason. (Possibly so. Can't say as I've seen LinkedIn spam for a while.)

This nonsense of them asking for "work email password" is grounds, in _my_ view, to block them entirely. That's intolerable. I'm going to see if I can do that.

But I'm old school. I don't believe convenience, golly-gee-whiz-bang, and _especially_ "social networking" ought to trump security. Generally my bosses tend to agree. (Esp. ever since a couple of the Big Guys attended some-or-another network security briefing, which incl. a retired FBI agent, and were told that "whatever your network security is, it's probably not good enough" and "for God's sake, whatever you do, do not lose your network geek" ;).)

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
________________________________

This electronic message transmission and any attachments that accompany it contain information from DRC? (Dynamics Research Corporation) or its subsidiaries, or the intended recipient, which is privileged, proprietary, business confidential, or otherwise protected from disclosure and is the exclusive property of DRC and/or the intended recipient. The information in this email is solely intended for the use of the individual or entity that is the intended recipient. If you are not the intended recipient, any use, dissemination, distribution, retention, or copying of this communication, attachments, or substance is prohibited. If you have received this electronic transmission in error, please immediately reply to the author via email that you received the message by mistake and also promptly and permanently delete this message and all copies of this email and any attachments. We thank you for your assistance and apologize for any inconvenience.


------------------------------

Message: 5
Date: Fri, 26 Apr 2013 17:53:47 -0400
From: Marcus Ranum <mjr@ranum.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <517AF76B.1080606@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Bennett Todd wrote:
> If you set your sights on 100% perfection, it won't happen.

If you set your sights on mediocrity, that's what you'll get, too.

I suppose satisfaction with something in between is what
we call "risk management." Enjoy it.

mjr.

--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenable.com



------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 64, Issue 16
************************************************

4 comments:

Anonymous said...

This piece of writing will help the internet users for setting up
new blog or even a weblog from start to end.

My site: useful Source

Anonymous said...

I am extremely impressed with your writing skills as well as with the layout on your blog.

Is this a paid theme or did you modify it yourself?
Either way keep up the excellent quality writing, it's rare to see a great blog like this one these days.

Here is my web-site click for british cream golden retrievers info

Anonymous said...

Those who find themselves doing use of solar power, though, will never past experience this dilemma.



Check out my homepage ... koszulki z nadrukiem

Anonymous said...

CeMAP training offered that will help students would address 3 parts exam.
This amazing Poker Training Do networking review can benefit you to reason that question on your
own.

Here is my blog post - imprezy integracyjne