At 11:40 3/6/96 +0200, you wrote:
>> >>
>> >> Yes. That requires a (vulnerable) server to be visible on
>> >> the Internet.
>> >>
>> 1. Lets assume that mail isn't (what the American's term) mission
>> critical to you. Then none of this matters.
>>
>not true.
>if email isn't mission critical, but a bug in it can be used to attack
>mission critical services or data - then it's mission critical.
This is a key point which I think you fail to understand.
Which is why I refer to the Americanism.
Does any aspect of your business depend on the mail?
If the mail failed would it impact you? Would it cost money
due to delays? Never mind BUGS. That's not relevant here. Never mind
penetration. We are talking "Denial of service". If something prevented
you or one of your managers from getting to work or comunicating with the
office, would that impact the business. DENIAL OF SERVICE only counts if
that service is key. Denying you that ability to finger my site doesn't
impact your business.
If all you're in this for is mail, then you could be using UUCP not IP.
In that case the denial of service attack still applies, even though the
store and forward nature of UUCP make penetration of your site completely
impossible.
>> 2. Somewhere there has to be a server which contains your mail, either
>> inside or outside some arbitrry boundary of your control. The mail is
>> 'delivered' - that is sits in mailboxes (aka /var/spool/mail/<username> -
>> on that box.
>>
>> 3. It that server is down you cannot get the service. DENIAL OF SERVICE.
>>
>1. denial-of-service is (almost) better as break-in.
Meaningless sentence, I don't know if its your poor English or if you're
missing the point. I suspect from other things you say its the latter.
>2. how could you prevent denial-of-service with a firewall?
No short answer. But basically its an issue of who controls the server.
>>
>> 4. See 1
>>
>> 5. If that server is compromised, someone is reading your mail.
>you have to assume email to be insecure - in every case.
>OTOH, you're surely right. this is the main reason why i wish to have
>my email server under my control.
That mail _transmission_ is insecure is a bit of a myth.
Its _easy_ to read mail sitting in a box on the server, its diffucult to
read packets in transit.
>> 6. See 1.
>>
>i think we both spoke of different things.
>at the beginning of this threat, there was something said like "if i
>don't offer any services inside, why should i use a firewall?".
>rick answered "So you're not doing e-mail.", with which a disagreed.
>(i don't say i wouldn't use a firewall. i just say if a site is *sure*
>they don't have *any* services inside (which is, of course, quite
>unrealistic), it *could* be adeaquate not to use a firewall. security
>policies are different.)
>my main point was that you can avoid email-server-bugs which can
>compromise your *whole* security by placing it outside.
No. You're placing undue emphasis on "bugs" in the E-Mail server. There
are servers which are - at this level - bug free. But you would still have
a firewall.
STOP THINKING OF A FIREWALL as a single machine. Its not, its a whole
seiries of technigues, a way of orgainizing your networks and a way of doing
business.
/anton
----------------------------------------------------------------------------
Anton J Aylward | Security is not something that comes in
The Strahn and Strachan Group Inc | a self-contained box. It is an attribute
Information Security Consultants | of how you do business and as such
Voice: (416) 494-8661 | needs to be managed carefully.
Fax: (416) 494-8803 | - Karen Goertzel, Wang Federal Inc.
Follow-Ups:
|
|
