Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Monday 28 October 2002 10:19 am, Kent Borg wrote: > On Thu, Oct 24, 2002 at 11:48:47AM -0400, David Kramer wrote: > You are confusing "firewall" with "secure machine". The two are not > the same. I agree it is important to run a secure machine to avoid > becoming a zombie that could be used to attack others. Excellent point. And one I should have thought of, since my first attempt (years ago) at putting a Red Hat 5.0 box online with a cablemodem ended abruptly when I was hacked into after only five days. After that, I learned how to do it right, and I haven't been hacked into since. > But last night, after I had gone upstairs for the night, I went back > downstairs to turn off the kitchen computer; I had recently installed > Red Hat 7.2 (experimenting with raid, wanted to see how 7.2 behaves) > but had not installed the security updates. Sure, it was behind a bit > of a firewall, but firewalls are not perfect. No reason to leave it > up for hours and hours of possible probing. That is the important step I was missing. While UNIX as a whole is structured to make getting permissions you are not supposed to have much harder, bugs in software that allow it are found all the time. Constant vigilance is essential. Fortunately, this is easy, as Red Hat runs several mailing lists that will tell you when there are updates. But you have to do it. > How up to date is your firewall? How complete is its protection when > it is working correctly? ... You had better have your computer up to > date too, and if you do, the need for a firewall is much less. A > firewall that offers a false sense of security is possibly worse than > no firewall. No castle was ever built with only one level of defense, and servers shouldn't either. Quite true. I even used to have trap doors on my system that would kill your shell if you didn't issue a particular command within one minute of logging on (now I just turn it on when I'm away from home and may not find intruders right away). Firewall configuration is important too, as you said. Especially shutting down SMB and X protocols. I get a few dozen hits a week with Netbios packets and SMB stuff. I had some friends over for the weekend recently. One wanted to check their mail, but couldn't because I had outgoing POP disabled at my firewall. He asked why, and I said I use IMAP. He couldn't understand why I would block an outgoing port. If you are using IPCHAINS (not IPTABLES), there's a pretty good web-based firewall script generator offered by Robert L. Ziegler at http://www.linux-firewall-tools.com/ Thanks for expanding on my post, Kent. ------------------------------------------------------------------- DDDD David Kramer http://thekramers.net DK KD DKK D "Before you criticize someone, you should walk a mile in DK KD their shoes. That way, when you criticize them, you're a DDDD mile away and you have their shoes." ??
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |