RE: [fw-wiz] Securing a Linux Firewall

From: Bruce Platt (Bruce@ei3.com)
Date: 07/23/02


From: Bruce Platt <Bruce@ei3.com>
To: Carson Gaspar <carson@taltos.org>, firewall-wizards@honor.icsalabs.com
Date: Tue Jul 23 16:38:16 2002

Everything on the box that you don't need is a potential way for someone to
grab control of an executable which can cause damage. Just because the
image isn't executed during init processing doesn't mean that someone can't
start it up some other way.

Fred is a belt-and-suspenders type, and it pays here.

If you don't need the executable, get rid of it. Even though it seems
harmless today. There might be an exploit tomorrow. Besides, doing so gives
you the added advantage of having more available disk space :-) (OK, so I'm
showing my age).

-----Original Message-----
From: Carson Gaspar [mailto:carson@taltos.org]
Sent: Tuesday, July 23, 2002 2:36 PM
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Securing a Linux Firewall

--On Tuesday, July 23, 2002 12:07 PM -0400 Frederick M Avolio
<fred@avolio.com> wrote:

> Turn off everything you are certain you don't require.
> Actually remove the executables, also. (remove the rpm).

OK - as someone who seems to represent the "remove the executables" camp,
can you explain your reasoning? I've never been able to understand _why_
removing files buys you anything?

(See my previous post for my strategy - castrate all privileged binaries,
turn off all services, and turn logging to high)

-- 
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
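
The two approaches discussed in this thread (removing the owning rpm, or stripping the privilege bits and leaving the file in place) both start from an inventory of privileged executables the firewall does not need. The script below is an added example, not code from any poster in the thread; the function names, the allowlist file (one absolute path per line) and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the allowlist
# format (one absolute path per line) are assumptions made for illustration.

# Print every regular file under DIR ($1) that carries a setuid or setgid bit.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print the privileged files under DIR ($1) that are absent from ALLOWLIST ($2).
unneeded_privileged() {
    list_privileged "$1" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# Name the rpm that owns FILE ($1), so the whole package can be removed
# with "rpm -e" rather than deleting one file out from under it.
owning_package() {
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf --qf '%{NAME}\n' "$1" 2>/dev/null) && echo "$pkg" || echo unowned
    else
        echo unknown   # rpm is not installed on this host
    fi
}

# Clear the setuid/setgid bits on the given files but leave them installed.
strip_privilege() {
    chmod u-s,g-s -- "$@"
}

# Print "path<TAB>package" for each privileged file not on the allowlist.
report() {
    unneeded_privileged "$1" "$2" | while IFS= read -r f; do
        printf '%s\t%s\n' "$f" "$(owning_package "$f")"
    done
}

# Usage: sh audit.sh /usr /etc/firewall-suid.allow   (both paths are placeholders)
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```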

