[wellylug] Opensource "infectious" and should be "Quarantined" - NZ Government..

Gerald Roehrbein Gerald.Roehrbein at pro-grundgesetz.org
Sun Mar 12 04:52:05 NZDT 2006


On Sunday, 05.03.2006, at 20:36 +0000, Jim Cheetham wrote:

Hello Jim,

> BIOS "anti-virus" feature only checks for changes to the boot sector of
> the disk, and usually checks it to make sure it's pure Microsoft code.

Yes, that's the main function, but this BIOS contained a virus and
installed it onto my hard drive at any time.



> Therefore they should also dislike Open Source, because if anyone from
> the Church of Scientology contributed code to their software, it would
> not be disclosed (or worth comment).

They use SuSE. This was only an example of what governments advise. If
they want to do something they will find arguments.

> If your production systems are not even indirectly attached to the
> Internet, they cannot be used at all :-)

Direct means: Without a firewall or a proxy
Indirectly means: Using a firewall and/or proxy

In the '90s MS made some suggestions on TechNet for building safe
corporate networks:

Use two physically separated networks for it.

I often use Citrix Winframe server farms to be safe, no TCP/IP between
client and Citrix server and a switch which is able to suppress TCP/IP
between users. (www.cirix.com) I offered this months before Citrix offered
this on their website for the first time (1990 or so).


Software downloaded from the Web goes into quarantine for a while on
specially equipped hardware able to detect any changes the new software
will make!

And after this you can copy this software into stage test, check it
again, and after it has been successfully tested it goes to production.

That's safe.



> Hence you use an HTTP proxy facility in your firewall. If you set your
> environment up "correctly", the proxy will not pass any request inwards
> unless it is completely valid - i.e. it refers to a URL that is allowed
> to be published.

The problem is, in my opinion, completely different.
A user allows, for example, running ActiveX that activates malicious code, or
a user downloads and installs malicious software. This malicious
software can open port 80 and establish any connection and forward any
data gathered in your network to anybody, and nobody will be interested
in it.

Allowing a consultant to use his or her own notebook inside your
company's network can end in the same.

Most attacks come from inside a company's network, as reported by
Computerweek.

Because it's just normal HTTP running and the port is opened from inside
your network, nobody is interested in it.


> I agree that just blocking unused ports is absolutely pointless - if
> they are really unused, the incoming connection would fail even if there
> were no firewall :-)

Using a firewall is just one step. The next step is using intrusion
detection and having an expert reading and understanding the protocols
of the firewall and the intrusion detection system.

Compare this cost with using two separated networks or a solution using
protocol separation and terminal servers!

Such a solution as described above, including having a firewall between
the terminal servers and the Web, is easy to use and maintain, safer, and
has a lower TCO (Total Cost of Ownership).




kind regards
Gerald
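
The quarantine step described in the message above (install downloaded software on a machine that can detect what it changes, then promote it to stage test), sketched as an added example that is not part of the original post. The function names, the directory layout and the allowed install prefix are hypothetical, and the "install" is a constructed simulation in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each relative path under root to (sha256 hex, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if not stat.S_ISREG(info.st_mode):
                continue  # symlinks and special files are skipped in this sketch
            digest = hashlib.sha256(Path(full).read_bytes()).hexdigest()
            state[os.path.relpath(full, root)] = (digest, stat.S_IMODE(info.st_mode))
    return state


def diff(before, after):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return added, removed, modified


def unexpected_changes(before, after, allowed_prefix):
    """Changes outside the directory the installer was expected to write to."""
    added, removed, modified = diff(before, after)
    prefix = allowed_prefix.rstrip(os.sep) + os.sep
    return [p for p in added + removed + modified if not p.startswith(prefix)]


def demo():
    """Constructed scenario: an installer that also edits a startup script."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "opt" / "newtool").mkdir(parents=True)
        (root / "etc" / "rc.local").write_text("#!/bin/sh\n")
        before = snapshot(root)
        # Simulated install: the expected file plus an undeclared change.
        (root / "opt" / "newtool" / "tool.bin").write_text("payload")
        (root / "etc" / "rc.local").write_text("#!/bin/sh\n/opt/newtool/tool.bin &\n")
        after = snapshot(root)
        return diff(before, after), unexpected_changes(before, after, "opt/newtool")
```

A non-empty result from `unexpected_changes` is the signal to hold the package in quarantine instead of copying it to stage test.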