the firewall down to the bare essentials needed for the purpose of the
network it is trying to protect.
In addition to these tools, many types of scanners are available for
download from reputable sites. Things such as port scanners, testers,
and IP range scanners are very common and, if investigated carefully,
can add a valuable resource to any administrator’s toolbox.
Care must be taken, however, because hackers have been known to
post infected tools—they know that administrators want to use the
same tools they use to test their systems. Creating fake tools that are
actually Trojans and worms to be downloaded by system administrators
is yet another avenue of attack. Never download a tool from
a web site without a Domain Name System (DNS) entry (a domain
name such as www.google.com) or from a web site that merely provides
a link to the software’s executable on an FTP server with only
a numeric IP address as its referrer. Always search for the original
author’s site, and even then exercise judicious care, scanning the file
with virus scanners and testing it in a sterile environment.
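One way to apply the download rules above before fetching a tool, as an added example that is not from the original text: it flags links whose host is a numeric IP address (including the legacy integer and hex spellings many clients accept) and links that do not point at the author's own domain. The function names, the `author_domain` parameter, and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Legacy IPv4 spellings many clients accept: "3405803783", "0xCB007107", "203.0.28935"
_LEGACY_IPV4 = re.compile(r"^(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}$", re.I)


def is_ip_literal(host: str) -> bool:
    """True when the host is an address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)  # dotted-quad IPv4 or IPv6
        return True
    except ValueError:
        return bool(_LEGACY_IPV4.match(host))


def vet_download_url(url: str, author_domain: str) -> list[str]:
    """Return the reasons a link fails the rules above (empty list: none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []
    if not host:
        findings.append("no host in URL")
    elif is_ip_literal(host):
        findings.append("host is a numeric IP address, not a domain name")
        if parts.scheme == "ftp":
            findings.append("executable is served from an FTP server by IP")
    elif host != author_domain and not host.endswith("." + author_domain):
        # Suffix match on a label boundary, so look-alike hosts do not pass.
        findings.append(f"host {host} is not the author's site {author_domain}")
    return findings


if __name__ == "__main__":
    # Constructed sample links; "scanner-project.example" is a hypothetical author site.
    samples = [
        "https://downloads.scanner-project.example/portscan-1.0.tar.gz",
        "ftp://203.0.113.7/pub/portscan.exe",
        "http://3405803783/portscan.exe",
        "https://scanner-project.example.mirror.invalid/portscan.exe",
    ]
    for link in samples:
        problems = vet_download_url(link, "scanner-project.example")
        print(link, "->", problems or "no findings")
```

A link with no findings has only passed the address and domain checks; the file still needs the virus scan and sterile-environment test described above.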
Building out a homegrown firewall, an effort of noble proportions,
should not be undertaken lightly. In an ideal situation, there will be
a test machine with the same configuration as the firewall, where
change can be introduced and tested before promotion to the production
firewall. Installing software on a machine where machine
services have been removed and disabled can sometimes lead to serious
problems—problems that could create gaping holes in a firewall.
An administrator, armed with the unique knowledge of threats
posed within her environment and with a comprehensive understanding
of firewall technology, should be able to successfully engineer
an effective firewall policy.
The epmap service is the service that the infamous Blaster virus leveraged in its assault.
It can be disabled by most software or by disabling the DCOM services in the Services panel.
6.5 Summary