Re: [fw-wiz] X server in a Firewall



On the local GUI:
> The more code, the more potential vulnerabilities,

On remote access:
> Web servers tend to increase the risk, as does any
> remote technology.

OK. But what is your recommendation to a Fortune 500
company? :)

That is, if Coca-Cola wanted a unix based firewall and
_wanted to manage it through a graphical interface_, what
would you suggest? An X server running on a firewall
sounds bad, but a web server or ssh server could be
even worse (key logger on the management station or
buffer overflow in the ssh or web daemon, and both run
as root, so they have permission to change the fw rules).

Besides the firewall, there's a proxy running on the
box too (as an unprivileged user), so the box could be
compromised remotely through it and the privilege
escalated through an X server vulnerability.


> > server, etc) could be vulnerable and, even if it is only
> > accepting connections from a specific IP, someone on
> > internal network could do ARP spoofing or something.
>
> Ideally your authentication requires more than just
> an IP address to validate...


I mean, the ssh or web server port used to manage it
could be vulnerable to a buffer overflow attack, so if
only a specific IP (the admin) could connect to this
port, it would still be vulnerable, but nobody else
could exploit it, except if they spoof the admin IP :)



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards