On Fri, 4 Jan 2002, Mark Plowman wrote:

> Dear All,
> 
> Am I alone?  I have stripped as much as I can *off* my Eigerstein Box
> (i.e. no DNS Cache, no DHCP Server, etc. etc.).
> 
> I was always brought up to understand that with respect to security:
> 
>   "Less is More"
> 
> 
> The reasoning?  As follows:
> 
> 1) All programs (probably) contain bugs,
> 
> 2) Some Bugs can (probably) be exploited,
> 
> 3) More programs means more chances of bugs,
> 
> 4) More bugs means more chances for an exploit,
> 
> 5) Therefore: as few programs as possible in a position that is
>    exposed.

I tend to agree with this... to a point.  I think the "halted" firewall
discussed in SysAdmin is excessive.

If you provide ZERO external services, only kernel bugs can be exploited.  
If a kernel bug is bad enough that it can be used to write arbitrary code
in arbitrary locations and alter the behavior of the software on that
machine, you are already hosed.

SETI doesn't open any sockets for listening... it is a client only.  
Compared to running DNS or DHCP servers, it is pretty innocuous... it
doesn't add to the list of listening ports. The only reason I don't run it
myself is memory shortage on the firewall.

> Certainly run everything *including* the "kitchen sink" on an
> *internal*, protected machine to use up those surplus CPU cycles and
> keep the processor "nice and warm", but *resist* the temptation to do
> so on the *firewall*.

... and put machines running external services into DMZs that cannot
access your internal network or the firewall machine any more than the
outside world can.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
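The point about SETI not adding to the list of listening ports is worth checking rather than assuming, and on a floppy-sized box you may not even have netstat. The script below is an added example, not code from the original message or from LEAF: it reads the /proc/net/tcp format (state 0A is LISTEN; the address is hex, byte-reversed on little-endian hosts, with the port in network order) and flags any listener whose port is not in an allowlist. The allowlist of 22 and 53, the sample snapshot and the stray 8080 listener are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original message or of LEAF: audit the
# TCP listeners on a stripped-down firewall against an allowlist, read
# straight from /proc/net/tcp so it works without netstat.
# A LISTEN socket has state 0A; addresses are hex, IPv4 byte-reversed on
# little-endian hosts, port in network byte order.

# Ports the firewall is meant to expose (assumption: ssh and DNS only).
ALLOWED_PORTS="22 53"

# Constructed /proc/net/tcp snapshot (not captured from a real host):
# sshd bound to the LAN address, DNS on all addresses, one established
# ssh session, and a stray listener on 8080 that should not be there.
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0000000000000000 100 0 0 10 0
   2: 0100A8C0:0016 6400A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1236 1 0000000000000000 100 0 0 10 0
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1237 1 0000000000000000 100 0 0 10 0'

# listeners: read /proc/net/tcp format on stdin and print "address port"
# for every socket in LISTEN state.  Uses only POSIX awk (no strtonum).
listeners() {
    awk '
    function hex(s,    i, v) {
        v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
        return v
    }
    # Reverse the four byte pairs to get a dotted quad (little-endian host).
    function ip(h) {
        return hex(substr(h, 7, 2)) "." hex(substr(h, 5, 2)) "." hex(substr(h, 3, 2)) "." hex(substr(h, 1, 2))
    }
    NR > 1 && $4 == "0A" {
        split($2, a, ":")
        print ip(a[1]), hex(a[2])
    }'
}

# audit: print every listener whose port is not in ALLOWED_PORTS;
# exit status 1 if any were found, 0 if the box is as lean as intended.
audit() {
    listeners | awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    !($2 in ok) { print "unexpected listener: " $1 ":" $2; bad = 1 }
    END { exit bad }'
}

# On the firewall itself:  audit < /proc/net/tcp
# Here, against the constructed sample (expect a complaint about 8080):
printf '%s\n' "$SAMPLE" | audit || echo "audit failed: trim the box or extend ALLOWED_PORTS"
```

Run it from cron or from the boot scripts and treat a non-zero exit as a regression. UDP services (the DNS cache, the DHCP server) do not show up here: repeat the check against /proc/net/udp, where an unconnected bound socket is reported with state 07 rather than 0A.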


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
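The DMZ advice at the end of the reply translates into a small, explicit ruleset. The script below is an added example and not LEAF's own configuration: an iptables policy for a three-legged firewall in which the DMZ leg has no more access to the LAN or to the firewall than the WAN leg does. The interface names, addresses, the DMZ host and its published ports 80 and 443 are assumptions; NAT rules are left out.

```shell
#!/bin/sh
# Added example, not LEAF's own configuration: iptables policy for a
# three-legged firewall (WAN, LAN, DMZ) in which a DMZ host can reach the
# LAN and the firewall no better than the outside world can.
# Interface names, addresses and the published ports are assumptions.
IPT=${IPT:-iptables}      # set IPT=echo to dry-run
WAN=eth0 LAN=eth1 DMZ=eth2
LAN_NET=192.168.1.0/24
DMZ_NET=192.168.2.0/24
DMZ_HOST=192.168.2.10     # the DMZ web server (assumed)
DMZ_PORTS=80,443          # only what is published to the world
ADMIN_PORT=22             # firewall admin, LAN side only

dmz_rules() {
    # Default deny for anything reaching the firewall or crossing it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Return traffic for connections that were allowed below.
    $IPT -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT

    # Anti-spoofing: a packet arriving on the DMZ leg must carry a DMZ
    # source, so a compromised DMZ host cannot impersonate the LAN.
    $IPT -A INPUT   -i $DMZ ! -s $DMZ_NET -j DROP
    $IPT -A FORWARD -i $DMZ ! -s $DMZ_NET -j DROP

    # The firewall itself: admin from the LAN only.  No INPUT rule names
    # $DMZ or $WAN, so both fall through to the DROP policy.
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport $ADMIN_PORT \
         -m conntrack --ctstate NEW -j ACCEPT

    # LAN may open connections to the DMZ and to the Internet.
    $IPT -A FORWARD -i $LAN -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT

    # Internet to DMZ: only the published services, only on the DMZ host.
    $IPT -A FORWARD -i $WAN -o $DMZ -d $DMZ_HOST -p tcp -m multiport \
         --dports $DMZ_PORTS -m conntrack --ctstate NEW -j ACCEPT

    # DMZ to LAN is dropped explicitly, the same fate WAN-to-LAN meets
    # under the policy.  DMZ-initiated traffic to the Internet is dropped
    # too; add narrow rules (e.g. DNS) only if a DMZ host genuinely needs
    # them, since default deny here also stops a compromised server from
    # phoning home.
    $IPT -A FORWARD -i $DMZ -o $LAN -j DROP
    $IPT -A FORWARD -i $DMZ -o $WAN -j DROP
}

# Dry-run (print the rules) unless invoked as:  sh dmz.sh apply
if [ "${1:-}" = "apply" ]; then
    dmz_rules
else
    (IPT=echo; dmz_rules)
fi
```

The test of the policy is the one the reply states: from a DMZ host, a connection attempt to any LAN address or to the firewall's own addresses must fail exactly as it would from the Internet. If the DMZ host sits on a private address, a DNAT rule in the nat table for the published ports is needed in addition to the FORWARD rule above.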
