I read this thread with interest... it's interesting what people think.
As a 3000 installation that has it's 3000s connected to the internet, let me
offer the following:
1. SAFE/3000 (already plugged) has the best security checking *before* the
initial prompt and can detect more than the other security products, as good
as they too, are. I have SAFE/3000 and can attest to it.
2. I have a firewall in place. I allow certain networks through, I perform
certain protocol and service filtering. In reference to what Greg said
earlier, if you DON'T have a firewall in place with production machines
exposed to the internet - you deserve what you get! (and an offline
dressing down is NOT in order - it's like safe sex... consider a firewall
the electronic condom).
3. My firewall logs everything - and I mean everything. They are checked
daily. If we see anything out of the ordinary, we can usually identify the
perpetrator. If you have a firewall - check the logs.
Basically it comes down to this -- if you're going to put a 3000 on the
network and make its resources available over the internet, you have to
invest in infrastructure. This should be at a minimum, a firewall (NT Proxy
Server will do, if bucks are at a premium, but I would look at other
alternatives if money's available), and a good security package for the
3000.
A lot of people use Security/3000. That's a good security product, but if
memory serves correctly (and I'm sure someone will tell me if I'm wrong), it
kicks in AFTER the logon, not at the initial connection attempt. This is
the main difference between SAFE/3000 and SECURITY/3000. SAFE/3000 has more
extensive logs as well.
Oh well, back to making a few changes to the SIGIMAGE ballot... This is an
example of a 3000 on the internet, by the way - and behind a firewall :).
It's open - if you haven't voted - please do so!
(http://www.csillc.com/sigimage/)
Cheers,
Joe
|
