Greetings,
On Wed, 12 Sep 2001, JW wrote:
> >> 7. Firewalls
> >> Need to look into firewalls and packet filters, though I fail to have
> >> any confidence in them.
> >
> > You're not running a firewall??
>
> Ah, I knew that would produce results. I admit I have not done a whole lot of
> looking into firewalls, but I must say, they seem to be fairly useless in my sight. I
> can only think of one single thing they help: we could restrict SSH access to only
> our office; however, we do travel and take vacations, and we always take laptops with
> us so we can log in. But since we never know where we'll be logging in from, we have
> to leave SSH access open from all IPs.
>
> Tell me, would a firewall have stopped Code Red? We have to allow full access to
> POP3, SMTP (incoming), HTTP, FTP and SSH from everywhere. Tell me, when the next big
> remote-root compromise comes out for $HTTPd, or PHP, or $FTPd, or $pop3d, or $SSHd,
> is a firewall going to protect us from any of them?
>
> And as far as hiding services from outsiders with a firewall, I have a much better
> idea: remove the service entirely, telnetd being an example.
>
> Is a firewall going to protect us from password sniffing?
>
> Is a firewall going to prevent someone who successfully breaks in from running a
> backdoor? I think not, because once they're in they can modify the firewall.
>
> Please, I'm not saying I know everything. In fact, though it won't be 100% true,
> I'll blanket state that I "know nothing about firewalls."
>
> Now, if anyone has wise things to say about this, can someone answer any of my
> questions above, or tell me some useful things a firewall does that I missed? Please
> fire away.
>
> Please be nice about it. As I said already, I might just simply not be aware of
> the magical things firewalls can do.
>
> Somehow I doubt it though.
>
> Please don't flame me, I'm not trying to hurt anyone's feelings, and I didn't say
> firewalls did nothing. I just don't /know/ of anything they do.
No flame from me. I don't like firewalls either. They block ONLY
those ports that you're not running servers on. But if I'm already NOT
running services on those ports, what's the point?
Oh! This is it! If I'm a screwup and I accidentally run a service I
didn't intend to, I guess I've just exposed myself, without a firewall.
But gosh, if I screw up the config on the firewall I expose myself anyway.
Little difference in my opinion. Think about what you do on EVERY machine
in your network. Don't hide behind the FALSE SECURITY that a firewall
might pretend to give you. I've scanned too many friends' and customers'
networks that have firewalls only to find they didn't configure the FW
correctly, exposing themselves, all the while sleeping snug as a bug at
night :-(
NMAP SCAN your entire network regularly. Watch your logs constantly.
Read Bugtraq, redhat-security, etc.
--- Jay
P.S. I *LIVE* as root on my systems as well. Know what's gonna happen
BEFORE you hit enter. No better way to condition yourself to PAY
ATTENTION to what you're doing :-)
+------------------------------------------------------------------------+
| Jay Nugent [EMAIL PROTECTED] (734)971-1076 (734)971-4529/Fax |
| Nugent Telecommunications [www.nuge.com] (734)649-0850/Cell |
| Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net] Registrar of the .linux TLD |
+------------------------------------------------------------------------+
10:00pm up 3 days, 6:50, 6 users, load average: 0.02, 0.07, 0.02
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
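An added example, not part of either poster's message: Jay's advice to "NMAP SCAN your entire network regularly" only pays off if the scan is compared against what you intended to expose, which is exactly the "accidentally run a service I didn't intend to" case he describes. The script below parses nmap's grepable (`-oG`) output and diffs the open TCP ports per host against a hypothetical allowlist, reporting both unexpected exposures (e.g. a forgotten telnetd) and expected services that were not seen (a host or daemon that has gone away). The scan text and the allowlist are constructed for the example; the hostnames and addresses are not from the thread.

```python
"""Audit an nmap -oG scan against an expected-ports policy (added example)."""

# Constructed sample in nmap grepable (-oG) format; not a real scan.
# Fields on a Host line are tab-separated; each port entry is
# port/state/protocol/owner/service/rpc/version.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (mail)\tStatus: Up\n"
    "Host: 192.0.2.10 (mail)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "110/open/tcp//pop3///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.20 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "23/open/tcp//telnet///, 111/filtered/tcp//rpcbind///\tIgnored State: closed (996)\n"
    "Host: 192.0.2.30 ()\tPorts: 6000/open/tcp//X11///\tIgnored State: closed (999)\n"
    "# Nmap done (constructed sample)\n"
)

# Hypothetical policy: the open TCP ports each host is supposed to have.
# 192.0.2.30 is not listed, so anything open there is unexpected;
# 192.0.2.40 is listed but absent from the scan, so it shows up as missing.
EXPECTED = {
    "192.0.2.10": {22, 25, 110},
    "192.0.2.20": {22, 80},
    "192.0.2.40": {22},
}


def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports nmap reported as 'open'."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]  # "Host: 192.0.2.10 (mail)" -> "192.0.2.10"
        open_ports.setdefault(host, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # "Status: Up" and "Ignored State: ..." carry no ports
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 3:
                    continue
                port, state, proto = parts[0], parts[1], parts[2]
                if state == "open":  # filtered/closed ports are not exposures
                    open_ports[host].add((int(port), proto))
    return open_ports


def audit(scan_text, expected):
    """Diff the scan against the policy.

    Returns (unexpected, missing):
      unexpected: {host: {port}} open TCP ports the policy does not allow
      missing:    {host: {port}} allowed TCP ports that were not seen open
    """
    seen = parse_grepable(scan_text)
    unexpected = {}
    missing = {}
    for host, ports in seen.items():
        tcp = {p for p, proto in ports if proto == "tcp"}
        extra = tcp - expected.get(host, set())
        if extra:
            unexpected[host] = extra
    for host, ports in expected.items():
        tcp = {p for p, proto in seen.get(host, set()) if proto == "tcp"}
        gone = ports - tcp
        if gone:
            missing[host] = gone
    return unexpected, missing


if __name__ == "__main__":
    bad, gone = audit(SAMPLE_SCAN, EXPECTED)
    for host, ports in sorted(bad.items()):
        print(f"UNEXPECTED open on {host}: {sorted(ports)}")
    for host, ports in sorted(gone.items()):
        print(f"MISSING expected on {host}: {sorted(ports)}")
```

Run it against a real `nmap -oG scan.txt <your-network>` by replacing `SAMPLE_SCAN` with the file's contents and `EXPECTED` with your own inventory; a non-empty `unexpected` is the list of services you did not know you were running, which is the gap Jay says a firewall is too often trusted to paper over.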