- <li><em>date</em>: Thu Jul 22 15:31:25 2004</li>
- <li><em>from</em>: jdr at xcorps.net (Jonathan Rickman)</li>
- <li><em>in-reply-to</em>: <<a href="msg00602.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] OT: Firewall purchase</li>
Linux running IPTables is already immune to all but the most complex types
of these attacks by virtue of the stateful packet inspection and
anti-spoofing behavior. It's just a matter of doing it. Bob's book is pretty
cheap and covers all that. We could discuss it till the cows come home
because there are so many possible configurations, but honestly the book
pretty much covers everything you need to know. You'd almost have to make a
conscious effort to make a fully patched Linux firewall vulnerable to the
attacks I brushed over earlier. Firewalls typically have three possible
areas of exposure, meaning that they themselves can be compromised...or the
network they protect can be accessed. I'll list them in order of how common
they are:
1) Misconfiguration - could lead to compromise of the network and possibly
the system but not necessarily both.
2) Inadequate Features - could lead to compromise of the network or in
extreme cases, the system.
3) Buggy code - could lead to compromise of the system itself, and likely
WILL lead to compromise of the network.
I'd say the breakdown is somewhere around 90% for number 1, 8% for 2, and 1%
for 3. The final 1% are things that can't be determined readily. The fourth
problem is vulnerability to DoS attacks, which could be a symptom of any of
the first three.
--
Jonathan
</pre>
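The stateful inspection and anti-spoofing behaviour the post attributes to Linux/iptables, written out as an added example (not code from the thread or from Bob's book). Interface names, the inside network and the use of a dry-run generator that prints the rules unless APPLY=1 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original message: a minimal stateful,
# anti-spoofing iptables ruleset for a two-interface Linux firewall.
# WAN, LAN and LAN_NET are assumed values; override them in the environment.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Emit the commands instead of running them, so the ruleset can be reviewed
# (or diffed against a saved config) before anything touches the kernel.
gen_rules() {
  cat <<EOF
# Kernel-level anti-spoofing: drop packets whose source would route back out
# a different interface than the one they arrived on.
sysctl -w net.ipv4.conf.all.rp_filter=1
# Default deny; only explicitly allowed traffic passes.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Anti-spoofing at the filter: nothing arriving on the WAN side may claim a
# loopback or RFC 1918 source (the inside net $LAN_NET falls in that range).
iptables -A INPUT -i $WAN -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i $WAN -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i $WAN -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i $WAN -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i $WAN -s $LAN_NET -j DROP
# Stateful inspection: only replies to connections already tracked come
# back in; packets that match no known connection are dropped.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
# Inside hosts may open new connections outward; no NEW traffic enters from
# the WAN because FORWARD and INPUT default to DROP.
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 pipes the generated commands into a shell
# that stops on the first failing rule (requires root and iptables).
if [ "${APPLY:-0}" = "1" ]; then
  gen_rules | grep -v '^#' | sh -e
else
  gen_rules
fi
```

Review the printed rules against the firewall's actual interfaces before setting APPLY=1; a wrong interface name is exactly the misconfiguration case the post ranks first.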
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00602" href="msg00602.html">[ale] OT: Firewall purchase</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>