From: fc@all.net (Dr. Frederick B. Cohen)
Date: Wed, 11 Oct 95 10:26:30 PDT
To: patrick@Verity.COM (Patrick Horgan)
Subject: Re: NYT on Internet Flaws
In-Reply-To: <9510111604.AA06660@cantina.verity.com>
Message-ID: <9510111723.AA17966@all.net>
MIME-Version: 1.0
Content-Type: text


> I'd love to see something in there about most commercial sites being behind
> firewalls without nfs access across the firewall.  This greatly reduces the
> risk from the nfs problems.  If you get your binary via nfs from a trusted
> host inaccessible from the internet, then if you have this problem management
> can handle it as an employee problem;)  There are ways to make secure
> firewalls, it's fairly well understood.  Sometimes people point to things
> like the hack Mitnick did last Christmas, but his attack took advantage of
> a couple of things a security expert shouldn't have allowed, first and
> foremost two machines were accesible from the internet, and one of them
> trusted root logins from the other without a password:(
> 
> I could write something up about it if you'd like.

You might want to refer the NYT to the recent study published by
Computer Security Institute (in info-sec super journal on our W3 site).

There are alse several papers there on "Internet Holes" under Network
Security in the same on-line journal.  Every month, another 5-10 holes
are added to those published in this forum.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236