You are correct, sort of. While it's true nothing can initiate a connection
from the outside, a client on the inside can. It's not what you might think,
either. Yes, a trojan could do it, but Internet Explorer can as well. So too
can things like Gator and other spyware. Though for the most part you are
secure from root attacks by and large, be aware your clients within your LAN
can initiate contact with the outside world and these connections can also
invite danger.

<<JAV>>


---------- Original Message -----------
From: Bill Holland <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Sent: Thu, 17 Oct 2002 18:11:41 -0400
Subject: RE: Tonight I got hacked.

> If I have a little $60 Netgear router, and provide no services 
> through it - do I have to worry about all this stuff?  It's my 
> understanding that no ports are being forwarded, so nothing can get 
> through.  Or am I mistaken?
> 
> - bill
> 
> -----Original Message-----
> From: Todd A. Jacobs [mailto:nospam@;codegnome.org]
> Sent: Thursday, October 17, 2002 4:30 PM
> To: RedHat List
> Subject: Re: Tonight I got hacked.
> 
> On Thu, 17 Oct 2002, linux power wrote:
> 
> > I thought I had a good iptables firewall, but not good enough. Well
> > anyway it took a couple of months before it happened-
> 
> A firewall is insufficient in and of itself. All a firewall does is 
> allow or block access to certain ports. It doesn't control what kind 
> of traffic flows through those sockets: that's up to the application 
> or its application-layer proxy to sort out.
> 
> If you want your system to be secure, you need to install a firewall 
> of course, but you also need to disable unnecessary services, 
> tighten access controls, limit privilege, monitor log files, and 
> many other tasks. "Security is a process, not a product."
> 
> I don't think it's been updated for psyche yet, but take a look at 
> the bastille hardening scripts and see what you can learn. At a 
> minimum, you should:
> 
>     - Only install packages you know you'll need. Avoid "everything plus
>       the kitchen sink" installs.
>     - Use ntsysv to remove services you don't use or understand.
>     - Make heavy use of /etc/hosts.deny and /etc/hosts.allow to restrict
>       access.
>     - Disable xinetd unless you *really* need it. If you do, disable any
>       of its child services that you don't explicitly need.
>     - Install portsentry.
>     - Configure tripwire and READ the reports.
>     - Install logsentry and READ the reports.
> 
> Switching to Windows will not solve your problem, since Windows has 
> even more exploits than Linux and is much harder to secure and 
> monitor. And even if you choose to do so, the list of tasks isn't 
> really all that different: lock it down, and then monitor, monitor, monitor.
> 
> There is no quick fix for security. If you insist on looking for one, 
> you *will* get hacked again, regardless of the OS you choose to use.
> 
> -- 
> "The only thing that helps me maintain my slender grip on reality is 
> the friendship I share with my collection of singing potatoes."
> 
>                       - Holly, JMC Vessel *Red Dwarf*
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
------- End of Original Message -------
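
The point made at the top of this reply, that hosts behind a NAT router still open connections outward, can be checked on a machine. The following is an added example, not part of the original thread: it parses `netstat -tanp`-style output and lists the connections the host itself initiated to addresses outside the LAN, grouped by program. The sample lines, program names and the listening-port heuristic are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of `netstat -tanp`
# (Proto Recv-Q Send-Q Local Foreign State PID/Program); not from the thread.
SAMPLE = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
tcp 0 0 192.168.0.10:22 192.168.0.2:51514 ESTABLISHED 1490/sshd
tcp 0 0 192.168.0.10:33210 203.0.113.7:80 ESTABLISHED 2201/mozilla
tcp 0 0 192.168.0.10:33544 198.51.100.23:8080 ESTABLISHED 2977/updater
tcp 0 0 192.168.0.10:33590 192.168.0.1:53 TIME_WAIT -
"""

# RFC 1918 ranges plus loopback: peers here are on the LAN side of the router.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; the port stays a string ('*' occurs)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def outbound_to_internet(netstat_text):
    """Return {program: [foreign endpoints]} for established TCP connections
    that this host initiated to addresses outside the LAN."""
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("tcp")]
    # Heuristic (assumption): an established socket on a port that also has a
    # listener was accepted from a peer, not initiated by this host.
    listening = {split_endpoint(r[3])[1] for r in rows if r[5] == "LISTEN"}
    found = defaultdict(list)
    for r in rows:
        if r[5] != "ESTABLISHED" or split_endpoint(r[3])[1] in listening:
            continue
        if is_lan(split_endpoint(r[4])[0]):
            continue
        program = r[6].split("/", 1)[-1] if len(r) > 6 else "unknown"
        found[program].append(r[4])
    return dict(found)

if __name__ == "__main__":
    for program, peers in outbound_to_internet(SAMPLE).items():
        print(program, "->", ", ".join(peers))
```

Run against real `netstat -tanp` output (as root, so the program column is filled in), any program in the result that you do not recognise is a connection the router's lack of port forwarding did nothing to stop.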