Firewall Wizards mailing list archives
Re: chroot useful?
From: mcnabb () argus-systems com (Paul McNabb)
Date: Mon, 17 Nov 1997 22:36:21 -0600
From anton () Toronto com Mon Nov 17 19:05 CST 1997

At 05:27 PM 17/11/97 -0600, Paul McNabb wrote:
>
>IMHO, stripping down a system by removing unnecessary utilities, services,
>and processes reduces the chances of leaving a hole open and is absolutely
>essential for making a firewall "secure", but it does little towards making
>the remaining services more secure.

What about stripping down the kernel and removing things of dubious nature?

Absolutely. I think most people would agree that the smaller the code, the better. Unfortunately, there is a problem with it. Although most firewalls are kept pretty stable once installed and operational, people generally like to know that any new security product is a candidate for their machine. If you run a stripped down kernel, there is the chance that your system won't support the next firewall version, or that nice auditing program you want, or ...

And what about when your system admin guy leaves and the next guy comes along? If he needs to rebuild the system or add a patch, will it break everything?

Another issue: if you are looking for commercial support and updates, having a home-grown OS version pretty much invalidates a lot of customer support.

So as far as OSes are concerned, we are left with

1) running a strong commercial version (very few available)
2) running a bastardized but strong commercial version
3) running a potentially weak but fully supported commercial version
4) running a strong home version (with little help/experience from other sites)

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com     Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------