At 09:42 PM 9/12/2001 -0400, you wrote:
>On Wednesday 12 September 2001 20:13 pm, JW wrote:
>> 6. Monitoring and Logs
>> Need to investigate ways to monitor logs. All the professionals strongly
>> advocate monitoring logs. This is a good way of catching system errors and
>> failures before they get critical, as signs often start showing up in the
>> logs before they get bad.
>>
>
>Portsentry and logcheck. You should be running these already.
Aren't, because as I said we have not policy :-) and I haven't personally gotten
around to it.
>> 7. Firewalls
>> Need to look into firewalls and packet filters, though I fail to have
>> any confidence in them.
>
>You're not running a firewall??
Ah, I knew that would produce results. I admit I have not done a whole lot of looking
into firewalls, but I must say, they seem to be fairly useless in my sight. I can only
think of one single thing they help: we could restrict SSH access to only our office,
however we do travel and take vacations, and we always take laptops with us so we can
log in. But since we never know where we'll be logging in from, we have to leave SSH
access open from all IPs.
Tell, me, Would a FireWall have stopped code red? We have to allow full access to pop3
SMTP (incoming) HTTP FTP and SSH from everywhere. Tell me, then the next big
remote-root-compromise comes out for $HTTPd, or PHP, or $FTPd, or $pop3d, or $SSHd, is
a firewall going to protect us from any of them?
And as far as hiding services from outsiders with a firewall, I have a mush better
idea: remove the service entirely telnetd being an example.
Is a firewall going to protect us from password sniffing?
Is a firewall going to prevent someone who successfully breaks in from running a
backdoor? I think not, because once they're in they can modify the firewall.
Please, I'm not saying I know everything. In fact, though it won't be 100% true, I'll
blanket state that I "know nothing about firewalls.
Now, if anyone has wise things to say about this, can someone answer any of my
questions above, or tell me some useful things a firewall does that I missed, please
fire away.
Please be nice about it. I as I said already, I might just simply not be aware of the
magical things firewalls can do.
Somehow I doubt it though.
Please don't flame me, I'm not trying to hurt anyones feelings, and I didn't say fire
walls did nothing. I just don /know/ of anything they do.
>--
>+----------------------------------------------------------------------------+
>+ Bruce S. Marshall [EMAIL PROTECTED] Bellaire, MI 09/12/01 21:41 +
>+----------------------------------------------------------------------------+
>Anagram: Evangelist = Evil's Agent
>_______________________________________________
>http://linux.nf -- [EMAIL PROTECTED]
>Archives, Subscribe, Unsubscribe, Digest, Etc
>->http://linux.nf/mailman/listinfo/linux-users
----------------------------------------------------
Jonathan Wilson
System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
