Facts, not Fiction

chuck yerkes Chuck@yerkes.com
Fri, 14 Nov 1997 14:50:18 -0500 (EST)


It is claimed, but unverified, that Chris Brenton wrote:
> 
> Andreas Siegert wrote:
[...] 
> > Unless the customer is on an extreme low budget, I always use a multistage
> > design. Anything else would be irresponsible in my opinion.
> >
> > afx
[...] 
> Case 1: A pure Mac shop with an ISDN connection to the Internet.
> There are no internal IP services. Users connect through the
> ISDN connection in order to access POP mail from an ISP and
> browse the web.

Except when someone puts telnet and accidentally serves ftp with
no passwords - allowing access to any machine on the mac network
(that was a neat bug).
Except when someone puts up a web server/ftp server.
Except when someone starts using appleshare IP.

These holes don't get noticed quickly.

I recently ran a SATAN scan on a friend's network (with permission).
We crashed 1 notes server, found free exports from their apple server
(just upgraded to sys 8/appleshareIP - indeed I could mount it on my
Mac over the net as could *anyone* else).

But they were "just running PCs and not really using IP except as
clients" so they "didn't need a firewall".

I run into this time and again.  Small companies, wanting "on the net."
What would be the cost for them to have data taken?  Not a lot,
likely.  Data ALTERED? Well that's a tad more expensive....

> Case 2: A national bank running the latest UNISYS system with
> integrated NT server. System access is via IP. The bank has a T1
> connection to the Internet and wishes to allow customers to
> administrate their bank accounts via the Internet.
> 
> While these two cases are a bit extreme, it's clear that they do
> not require the same level of security. A multistage design for
> case 1 would probably be overkill.  Again, this is all IMO.
> Insisting that a multistage design is always required so long as
> the customer can afford it, rings too much like a sales person
> who knows what they want to sell you before they even know what
> you need.

I won't comment on NT's ability to serve huge volumes and reliability
in a critical system - but yes, I'd expect the protection and the
software to be much different.  I'd be authenticating much harder
and proxy the server with minimalist carefully audited software.

But when mom has a cable modem and her bank data is accessible to
others due to simple, easy-to-do misconfiguration, that's a problem.

Firewalls give one point to focus security.  The difference is that
cheap places rarely secure the client machines.  By giving them a
solid firewall that mistake won't cost them their business.

chuck