I believe I first read it here. http://www.oreilly.com/catalog/bssrvrlnx/
But it is common and accepted knowledge based on the fact that on a firewall, what is not there cannot be cracked.
If your firewall has only the bare services running then it is much more difficult to crack. I (as I'm sure others do) break this rule to make a firewall useful but I believe all of mine run only the basics (IPTables, Squid, DHCPD, DNS) + the needed support libraries.
Taking it one step further, distros like (www.netboz.org) allow you to build a firewall without an HD. That which cannot be written to cannot be permanently compromised.
IMHO, etc. =C=
-- * Cal Evans * http://www.eicc.com * We take care of your IT, * So you can take care of your business.
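The "only the bare services" principle in the reply above, as an added example that is not from the thread or from any of its posters: a POSIX shell check that compares the sockets a firewall host is listening on against an allowlist of the services the post names (DHCP, DNS, Squid) and reports anything else. The sample socket listing is constructed in the style of `ss -lntupH` output; the allowlist, the ports and the process names are assumptions.

```shell
#!/bin/sh
# Added example (not from the mailing-list post). Flags listening sockets on a
# firewall host that are not in an allowlist of expected "proto:port" pairs.

# Constructed sample in the style of `ss -lntupH` output
# (Netid State Recv-Q Send-Q Local:Port Peer:Port Process).
SAMPLE_SS='udp   UNCONN 0 0   0.0.0.0:67   0.0.0.0:* users:(("dhcpd",pid=412,fd=7))
udp   UNCONN 0 0   0.0.0.0:53   0.0.0.0:* users:(("named",pid=389,fd=20))
tcp   LISTEN 0 128 0.0.0.0:53   0.0.0.0:* users:(("named",pid=389,fd=21))
tcp   LISTEN 0 128 0.0.0.0:3128 0.0.0.0:* users:(("squid",pid=501,fd=12))
tcp   LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=301,fd=3))
tcp   LISTEN 0 50  0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=777,fd=19))'

# Assumed allowlist: the services the post says a firewall should run.
# One "proto:port" pair per line (DHCP server, DNS over udp and tcp, Squid).
ALLOWED='udp:67
udp:53
tcp:53
tcp:3128'

# unexpected_listeners SS_OUTPUT ALLOWLIST
# Prints one "proto:port process" line for every listening socket whose
# proto:port pair is not in ALLOWLIST. Prints nothing when the host is clean.
unexpected_listeners() {
    printf '%s\n' "$1" | while read -r netid _state _rq _sq local _peer proc; do
        [ -z "$netid" ] && continue
        port=${local##*:}          # works for 0.0.0.0:53 and [::]:53 alike
        key="$netid:$port"
        if ! printf '%s\n' "$2" | grep -qxF "$key"; then
            printf '%s %s\n' "$key" "$proc"
        fi
    done
}

# Stand-alone run: on a live box replace SAMPLE_SS with "$(ss -lntupH)".
unexpected_listeners "$SAMPLE_SS" "$ALLOWED"
```

On the constructed sample this reports the sshd and mysqld listeners, which is the kind of drift the post warns about: a database server has no business on a firewall, and anything that is not on the allowlist is a service that can be attacked.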
Jeffrey Smelser wrote:
Oh? Why is this? And where can I read this bit of info, as I would like to see how that would be so much more secure.
I am always willing to learn something new.
-----Original Message-----
From: Jose A. Hernandez [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2003 4:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [gentoo-user] e-mailing log files
On a side note, it is usually not a good idea to have the firewall and the services you want to run all on the same machine. Makes it inherently a more insecure setup. If you can, keep the firewall physically separated from the rest of the services. You'll have greater security that way.
-- [EMAIL PROTECTED] mailing list