Re: Hardening VS firewalling ?

From: Jeff Giuliano (jgiulian@cv.net)
Date: 01/08/02


Date: Tue, 08 Jan 2002 12:21:09 -0500
From: Jeff Giuliano <jgiulian@cv.net>
To: Omar Koudsi <omark@jeeran.com>

I would choose hardening, because ultimately (in general)
it is a host that is being compromised, not a network
(at least not directly). You can firewall all you want but
if you are not configuring the services securely that you DO
let through then you are still at great risk. Additionally,
if you remove services from running on a server or host,
then the need for firewalling diminishes. It does not
disappear, of course.

For example, you firewall out port 111, RPC, and others, but
you have an FTP server running, not chroot'ed with anonymous
rwx access. Or, you remove RPC and other unnecessary
services, chroot FTP and remove or restrict anonymous FTP
access. Ok, that's a little exaggerated but you get my
point.

No firewalling leaves you vulnerable to network attacks, DoS,
and others, of course.

Hope that helps.

-Jeff

Omar Koudsi wrote:
>
> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH.
>
> But according to you, which is more important? Paying attention to
> having a great firewall with a great ACL more than hardening and patching
> the systems? Or not have to worry about the firewall or having one at
> all and concentrate on applying best practices to OS/APPS and making
> sure the OS/APPS is up to date on patches?
>
> In the unlikely event that you had to choose one over the other (or some
> people would argue that this is a reality since time is limited and you
> can really concentrate on one), which one would it be and why?
>
> Regards,
>
> -----------
> Omar Koudsi
> IT Architect
> Network Security Center
> Special Systems Company
> http://security.sscjo.com
> omark@sscjo.com
> Tel: (9626) 5664221
> Fax: (9626) 5681557