Re[2]: FW: Linux server as it own firewall

From: Serge Shvyryaev (minus@relline.ru)
Date: 09/13/01


Date: Thu, 13 Sep 2001 10:03:33 +0400
From: Serge Shvyryaev <minus@relline.ru>
Message-ID: <1022146864.20010913100333@relline.ru>
To: focus-linux@securityfocus.com
Subject: Re[2]: FW: Linux server as it own firewall

Hello all,

> The way I see it, if someone can manage to break into a locked
> down firewall [..]
It's virtually impossible to break into a firewall that has some simple
rules to protect itself, such as - don't allow any connections to
or from itself, with only inbound ssh allowed from trusted machines.
There's no door to break through...
And if shit happens - there are no tools to run on it (if unneeded binaries
are removed from the fw) and no connections out can be opened. Heck! You can
even easily run it from read-only media.
But anyway - the real target will be your servers, because the daemons
running on them are the real threat to security and the possibilities for
attack. And you must allow access to them on the firewall because these
services are what your servers are for.

-- 
Best regards,
 Serge                            mailto:minus@relline.ru
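
Added example, not part of the original message: one way to express the self-protection policy described above (nothing to or from the firewall except inbound ssh from trusted machines) as an iptables-restore ruleset, with a minimal text check that a ruleset still matches it. The function names and the 192.0.2.x admin addresses are assumptions made for illustration; forwarding rules for the servers' services are separate and not shown.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation range).

# Print an iptables-restore ruleset for the firewall host itself.
# Arguments: source addresses allowed to reach sshd on the firewall.
fw_self_rules() {
    printf '%s\n' "*filter"
    # Default-deny traffic addressed to, or originated by, the firewall.
    printf '%s\n' ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT DROP [0:0]"
    for src in "$@"; do
        # Inbound: only ssh, only from a trusted machine.
        printf '%s\n' "-A INPUT -s $src -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
        # Outbound: only reply packets of that ssh session. NEW is never
        # allowed, so the firewall cannot open a connection of its own.
        printf '%s\n' "-A OUTPUT -d $src -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT"
    done
    # Rules forwarding traffic to the servers' published services go here.
    printf '%s\n' "COMMIT"
}

# Read an iptables-save style ruleset on stdin; return 0 only if
#  - INPUT and OUTPUT default to DROP,
#  - every INPUT ACCEPT is ssh restricted to a source address,
#  - every OUTPUT ACCEPT matches ESTABLISHED state only.
# This is a simple text check, not a full rule parser.
fw_self_audit() {
    awk '
        /^:INPUT /  { if ($2 == "DROP") in_drop = 1 }
        /^:OUTPUT / { if ($2 == "DROP") out_drop = 1 }
        /^-A INPUT .*-j ACCEPT/ {
            if ($0 !~ / -s / || $0 !~ /--dport 22( |$)/) bad = 1
        }
        /^-A OUTPUT .*-j ACCEPT/ {
            if ($0 !~ /--state ESTABLISHED( |$)/) bad = 1
        }
        END { exit !(in_drop && out_drop && !bad) }
    '
}

# Generate a ruleset for one admin host and check it against the policy.
fw_self_rules 192.0.2.10 | fw_self_audit && echo "ruleset matches policy"
```

The output of fw_self_rules can be loaded with iptables-restore, and the output of iptables-save on the firewall can be piped into fw_self_audit to notice a later change that lets the firewall open outbound connections.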


