Re: tcpwrapped rpcbind/portmap?

From: Warren Belfer (belfer@ha2mpk-mail.Eng.Sun.COM)
Date: 08/22/01


Message-Id: <200108221651.JAA27240@phys-ha2mpka-16.Eng.Sun.COM>
Date: Wed, 22 Aug 2001 09:51:02 -0700 (PDT)
From: Warren Belfer <belfer@ha2mpk-mail.Eng.Sun.COM>
Subject: Re: tcpwrapped rpcbind/portmap?
To: focus-sun@securityfocus.com

A host-based firewall is an important line of defense on any host,
even on non-hostile networks. Malicious or clueless insiders often
cause more damage than external hackers. I've been running ipfilter
(or Sunscreen) on Solaris on every host for years and I've yet to see
any significant performance penalties, unless your machine is already
very close to the edge. Ipfilter does require maintaining another
package, but any host-based firewall requires that.

HTH

warren

>Yes, IPfilter built as a 64-bit LKM is certainly one line of defense.
>Concerns have been raised about the performance impact of using an
>IPfilter LKM with Solaris, and on top of that it's an additional
>package to maintain across all of one's systems, as opposed to an
>incremental feature in an existing package.
>
>In any case, as noted by Geoff Collis in another message within this
>thread, it is sometimes desirable to have multiple layers performing the
>same security functions (ACL checking in this case) in order to decrease
>the probability of failure.
>
>-Trevor
>
>--
>Trevor Fiatal -- trevor@seven.com -- http://www.seven.com/
>Co-Founder
>Seven
>510.967.4556 (work/mobile)
>510.401.8054 (vmail/fax)


