Security Basics mailing list archives
RE: Firewall on server itself
From: "Firegoblin Postmaster" <postmaster () firegoblin com>
Date: Thu, 26 Jun 2003 17:08:49 +0100
"I don't think that would make sense. If an intruder could exploit the web server to gain root privileges, why would he stop from changing the iptables rules?" I would disagree. If any other device on the network (or DMZ, were you to create one) were compromised, they could be used to attack the web server without the 'hostile' traffic traversing the firewall. Assuming the performance hit is acceptable I would see no reason not to employ a basic IPTables ruleset on the webserver. Rgds --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.493 / Virus Database: 292 - Release Date: 25/06/2003 --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Firewall on server itself Anish Basu (Jun 25)
- Re: Firewall on server itself Brad Arlt (Jun 26)
- Re: Firewall on server itself Volker Kindermann (Jun 26)
- Re: Firewall on server itself Michael P (Jun 26)
- Re: Firewall on server itself Ansgar Wiechers (Jun 26)
- RE: Firewall on server itself Firegoblin Postmaster (Jun 26)
- Re: Firewall on server itself Mitch Pirtle (Jun 26)
- <Possible follow-ups>
- Re: Firewall on server itself Justin Pryzby (Jun 26)
- RE: Firewall on server itself DeGennaro, Gregory (Jun 26)
- RE: Firewall on server itself Gene LeDuc (Jun 26)
- Re: Firewall on server itself chris (Jun 26)
- RE: Firewall on server itself Depp, Dennis M. (Jun 26)
- Re: Firewall on server itself Ivan Coric (Jun 26)
- Re: Firewall on server itself Mitchell Rowton (Jun 26)
- Re: Firewall on server itself Craig Janssen (Jun 26)