Re: Linux firewall/IDS/NAT suggestions
From: Seth Arnold (sarnold_at_wirex.com)
Date: 06/03/03
- Previous message: Seth Arnold: "Re: Linux firewall/IDS/NAT suggestions"
- In reply to: carrion_at_ravel.ufrj.br: "Re: Linux firewall/IDS/NAT suggestions"
- Next in thread: Jimi Thompson: "Re: Linux firewall/IDS/NAT suggestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 3 Jun 2003 09:50:20 -0700
To: focus-linux@securityfocus.com

On Sat, May 31, 2003 at 12:12:44PM -0300, carrion@ravel.ufrj.br wrote:
> What's the advantage of having the Firewall/NAT rules written on a CD-R media?

A very simple convenience factor. If the firewall is cracked in some form,
a simple reboot will re-initialize it, forcing the attacker to re-crack
it, if he or she wishes to retain control of it. If the attacker was a
rather casual peruser, he or she may not bother re-cracking, and your
life can go on as normal for a few days while you build a new firewall
that is not vulnerable to whatever was used in the attack.

Of course, this assumes the attacker was noisy enough for you to notice
it. If he or she does his or her job well enough, you'll never notice,
and you're right -- there is practically zero benefit to having the
rules be on a CD-R at that point. :)

-- "It seems the power has been robbed from the founding fathers and is now firmly in the hand of the funding fathers." -- Rik van Riel