Is anyone aware of any actual break-in that was accomplished by "taking
over" a PC (running DOS or Windows or Windows for Workgroups or NT) and then
launching an attack from there? I don't mean dialling in to a modem on the
PC, but an attack that could have been prevented by a better firewall. This
would include tunnelling where the user is enticed into running a program
acquired via the web, though I doubt that a firewall could prevent such an
attack from succeeding.
If PC take-overs are not an issue, would the following strategy be
No host (except mail & DNS) may use the Internet in either direction.
Firewall consists solely of filtering routers and logging machine.
We had been considering putting up a proxy gateway (CERN httpd) on a Linux
box, but with the above strategy, we won't do that unless I can come up with
a convincing reason to do so, because of the administrative cost and the
risk of performance degradation. We have a WAN with about 1500 PCs, an IBM
mainframe, half a dozen VMS, a dozen Unix, and about 50 NT hosts. PCs will
use Mosaic or Netscape. Thanks for any feedback or ideas.
Regional Information Systems