[fw-wiz] Host firewalling
From: Paul Robertson (proberts@patriot.net)
Date: 07/25/02
- Next message: Stephen P. Berry: "Re: [fw-wiz] Securing a Linux Firewall"
- Previous message: Thom Dyson: "Re: [fw-wiz] Under attack"
From: Paul Robertson <proberts@patriot.net> To: firewall-wizards@honor.icsalabs.com Date: Thu Jul 25 14:47:01 2002
I've recently been playing with some network-based default-deny
capabilities for Linux and Solaris systems, and I'm getting a lot of "we
wouldn't load that kernel module" feedback third-hand.
That leaves me wondering (private replies are preferred; I'll probably end
up summarizing if I get enough feedback rather than clogging the list with
individual replies, unless something interesting comes back): how many of
you would advocate loading a module (or 2 or 3) which provided some
defense in depth, provided:
(A) The code was available for review.
(B) The code was GPL and/or widely reviewed.
(C) The code was easy to understand.
(D) The code was "blessed" by the OS vendor/distributor.
(E) It saved you from having to do "hardening."
My primary motivator is that I've gotten tired of trying to do a
minimum level of security on things like firewalls which seem to want GUIs
no matter what these days.
Module features might be things like controlling network access, stopping
remote shell exploit code, managing file access.
(I'm aware that most of this isn't new- I'm more interested in hurdles to
such modules than comparisons or pointers to similar projects.)
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation