Firewall Wizards mailing list archives
Re: Unix Hardening for FW installation
From: Chris Boscolo <chrisb () watchguard com>
Date: Wed, 27 Oct 1999 22:00:26 -0700 (PDT)
On Wed 27-October, Marcus J. Ranum wrote (id <3.0.6.32.19991027211307.007cc1c0 () mail clark net>):
%
%>Can anyone suggest resources or sites with info on securing a UNIX system
%>for installation of a firewall.
%
%I used to believe in "stripping" operating systems. Now I believe
%in "building" them. Rather than removing what I think may be bad,
%I prefer to start with a bootstrap loader and add the things I
%need. :)
%
%The NFR appliance (which I happened to do the first round of
%system integration for) was built in the manner described above.
%I took the bootstrap, added a kernel and filesystem, a minimum
%of devices, and then coded my own version of init and everything
%above kernel space.

This is the same design methodology which we used in our Firebox.
But, we don't have any filesystems which are for generic use. We use
compressed read-only images which we uncompress during startup. This
way, there is never filesystem "state" to worry about.

I agree that this is the best way to design a secure system, but you may
say that I have a bias...

-chrisb

--
Chris Boscolo chris.boscolo () WatchGuard com
Software Development Manager, Security Technologies
WatchGuard Technologies (206) 521-8348