On Tue, 8 Jan 2002, Kristian Lyngstol wrote:
> On Tue, Jan 08, 2002 at 01:36:03PM +0000, Jeff Schaller wrote:
> > On Mon, 7 Jan 2002, Pybus, David wrote:
> > >   2) Enter 'cat target-file'
> >
> > $ cat: command not found
>
> What is most important? If your system is intruded you should
> do an offline reinstall anyway.

You're right -- it's usually more difficult to repair the system,
particularly in my stripped-down firewall, than to just re-install
or re-create it. What I wanted to get across in my reply to David
is that the project has defense in depth. Even if a cracker
manages to get shell access, they will have a hard time making
changes. This idea extends to buffer overflow asm code, etc.
Initially, there would be no network-aware daemons on the box.


> Of course, you could always disable echo in your shell, but
> then you can just disable all shell access while you're at it,
> because what this is heading at is a completely useless shell.

Exactly. I'm not sure if I leave /bin/ash lying around after
system bootup; I can't think of any good reason why I'd need to,
other than a curiosity shell on /dev/console.


> When you lock your door, of course someone _could_ pick it,
> but there's no point in burning up everything but the pc (which
> in this case would be the service) to prevent thieves from
> stealing.

I suppose it's close to this idea; I think of it as putting the
house up on a hill with fences and guard dogs and snipers. Sure,
you could get by any one or two of them (with the appropriate
tools or methods), but in combination they're potent. I'd claim or
hope that it'd be "impossible" to break in, but I'd probably
settle for "too difficult to be worth it", which is all you need.


I agree with the rest of your post -- they are common methods that
people use to secure servers. I guess I'm looking for a slightly
unconventional approach, and I'm curious to see how it turns out
:)

-jeff
-- 
A language that doesn't have everything is actually easier to program in
than some that do.  -- Dennis M. Ritchie
