Re: 99.9 % of Software/Hardware Firewalls DO-NOT.....
From: Rob J Meijer (rmeijer@xs3.xs4all.nl) Date: 01/03/02
From: rmeijer@xs3.xs4all.nl (Rob J Meijer) Date: 3 Jan 2002 17:33:08 GMT
Lars M. Hansen <badnews@hansenonline.net> writes:
>On Tue, 01 Jan 2002 21:54:56 -0600, Patrick Farrell spoketh
>>So how is it that anyone is able to run any dns servers. Surely you're not
>>suggesting that all of the servers out there are MS boxes or mac :) Yes, there
>>have been vulnerabilities, but these have been patched. There have been
>>vulnerabilities in telnet, ssh, (IIS anyone? :), etc.
>>
>>I'm just curious if you're aware of something regarding up to date patched DNS
>>boxes that I'm not.
>>
>"These have been patched" ... That's assuming a lot, isn't it? The patch
>for Code Red and Nimda has been out for over 6 months, but everybody
>hasn't patched their servers yet...
True, and next to that you can be sure that most software has some more
exploitable bugs not yet public. For this reason 'all' servers should
run in multiple layers of host-based containment (unprivileged user,
chrooted environment, user-based and/or application-based firewalling, etc.)
and network-based containment.
This is not just a bind issue, this goes for all servers.
Rob
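
The "unprivileged user" and "chrooted environment" layers named in the post above, as an added C example that is not part of the original message or thread. The function name `contain_and_drop`, the `JAIL_*` codes and the command-line usage are hypothetical; it assumes a POSIX/Linux server process that starts as root and has already bound its ports and opened its files.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { JAIL_OK = 0, JAIL_BAD_ARGS = -1, JAIL_NOT_ROOT = -2,
       JAIL_CHROOT_FAILED = -3, JAIL_DROP_FAILED = -4, JAIL_STILL_ROOT = -5 };

/* Confine the calling process to `jail`, then give up root for good. */
int contain_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    /* Refuse settings that would contain nothing: a relative jail path,
     * or a target uid/gid of 0. */
    if (jail == NULL || jail[0] != '/' || uid == 0 || gid == 0)
        return JAIL_BAD_ARGS;
    if (geteuid() != 0)              /* chroot() itself requires root */
        return JAIL_NOT_ROOT;

    /* chroot() does not move the working directory; without chdir("/")
     * the process keeps a handle on a directory outside the jail. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return JAIL_CHROOT_FAILED;

    /* Order matters: clear supplementary groups and set the gid first,
     * because after setuid() the process may no longer change them. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP_FAILED;

    /* Verify the drop: regaining uid 0 must fail and all ids must match. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return JAIL_STILL_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s /abs/jail uid gid\n", argv[0]);
        return 2;
    }
    int rc = contain_and_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    printf("contain_and_drop -> %d\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

A root process inside a chroot can usually get back out, so the chroot layer only holds once the uid drop has succeeded, which is why the final check treats a successful `setuid(0)` as failure.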