Re: Securing a Linux Firewall

[Paul Robertson <proberts () patriot net>]

On Tue, 23 Jul 2002, Carson Gaspar wrote:

> > Turn off everything you are certain you don't require.
> > Actually remove the executables, also. (remove the rpm).
>
> OK - as someone who seems to represent the "remove the executables" camp, 
> can you explain your reasoning? I've never been able to understand _why_ 
> removing files buys you anything?

I'm not Fred, but:

It buys you something because rote attacks happen.  For instance, removing 
(or moving) cmd.exe would have stopped a fair ammount of IIS worm 
propogation- like stopping Code Red for instance.

> (See my previous post for my strategy - castrate all priveleged binaries, 
> turn off all services, and turn logging to high)

Privelige isn't necessary in all cases- some attacks work well at a semi 
or unpriveliged level.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards