The only truly secure system is the one that's not turned on. But then it's not very efficient.
Even on a system with all incoming ports closed, a user may still establish an outgoing connection, which must allow a related incoming connection. If the server to which the user connects has been hijacked, or if the DNS server the user accessed has been poisoned, then the user may be accessing damaging information without his or her knowledge, and may not be able to stop it before harm is done. This does not take into consideration internal attacks, social engineering, virii and worms, or any of the other vulnerabilities of IT security. But they all work in concert to ensure your otherwise technologically secured server is safe from attack. -----Original Message----- From: Ferry van Steen Sent: Wednesday, July 10, 2002 17:19 To: [EMAIL PROTECTED] Subject: Cracking a server without services Hey there, I was just wondering. I know the rule is everything can be cracked. But can anyone point me to info on how to crack something with no ports open or/and perhaps tell me how that's called (so I can search...). To me it seems impossible but I have a feeling that's a false sense of security and I'd like to get a better understanding of this so I can take appropiate actions on my servers. Also I think this knowledge will come in handy in the future since I gotta write a firewall on linux for a DMZ and LAN set up in like a week or so and I don't want to tell my boss that the webserver is the only thing that can be cracked because that's the only service we run if that ain't so, although the chance someone with that knowledge/expertise will hunt us will probably be nihil. Kind regards, Ferry van Steen InfoPart Automatisering B.V. Beeksestraat 24 4841 GC Prinsenbeek Phone: +31 (0)76 - 5 44 04 11 Fax: +31 (0)76 - 5 41 83 51 Mobile: +31 (0)6 - 28 46 47 45 E-Mail (business): [EMAIL PROTECTED] E-Mail (private): [EMAIL PROTECTED] MSN Messenger: [EMAIL PROTECTED] ICQ (UIN (seldom used)): 191458
