RE: [fw-wiz] Securing a Linux Firewall

From: David Lang (david.lang@digitalinsight.com)
Date: 07/24/02


From: David Lang <david.lang@digitalinsight.com>
To: Carson Gaspar <carson@taltos.org>
Date: Wed Jul 24 16:28:01 2002

when you are considering things for stripping off the box you should think
about what you want on there for debugging and leave that there.

for example on a firewall you may want to leave something like perl or
tcpdump on there even though you don't use them for normal firewall
operations because you want them on there for debugging, but do you really
need apache and gnome on there? (just picking a couple large packages as
examples)

David Lang

On Tue, 23 Jul 2002, Carson Gaspar wrote:

> There are a few reasons I don't like the "strip everything off the box"
> mentality.
>
> - It frequently makes debugging problems nearly impossible, as the
> necessary tools are not present.
>
> - Every time a patch or a new OS version is released, the set of files that
> are required changes. Also, new privileged binaries may appear.
>
> I've had to maintain "jumpstart"-like images for secure servers.
> Maintaining a "known-good" list for privileged binaries is relatively
> straightforward. Maintaining a "known-good" list of _all_ binaries is a
> nightmare. I further assert that maintaining a "known-bad" list is a lost
> cause.
>
> --
> Carson
>
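
The "known-good" list of privileged binaries discussed in this thread can be checked mechanically after each patch or OS upgrade. The script below is an added example, not code from either poster; the function names, the allowlist format (one absolute path per line, `#` for comments) and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a known-good list.
# Assumed allowlist format: one absolute path per line; '#' lines are comments.

# list_privileged ROOT
# Print every setuid or setgid regular file under ROOT (same filesystem), sorted.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# audit_privileged ROOT ALLOWLIST
# Prints "UNEXPECTED <path>" for privileged files that are not on the list
# (for instance a new privileged binary introduced by a patch) and
# "MISSING <path>" for listed files that are gone or no longer privileged.
# Returns 1 if anything was reported, 0 if the system matches the list.
audit_privileged() {
    root=$1
    allow=$2
    found=$(mktemp) || return 2
    known=$(mktemp) || return 2
    list_privileged "$root" > "$found"
    grep -v -e '^#' -e '^$' "$allow" | LC_ALL=C sort -u > "$known"
    report=$(
        LC_ALL=C comm -23 "$found" "$known" | sed 's/^/UNEXPECTED /'
        LC_ALL=C comm -13 "$found" "$known" | sed 's/^/MISSING /'
    )
    rm -f "$found" "$known"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh / /etc/priv-allowlist   (both paths are examples)
if [ "$#" -eq 2 ]; then
    audit_privileged "$1" "$2"
fi
```

The non-zero exit status makes the check usable from a post-patch hook or cron job that alerts when the privileged set drifts from the list.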


