Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Paul Robertson <proberts () patriot net>
Date: Tue, 23 Jul 2002 16:18:12 -0400 (EDT)
On Tue, 23 Jul 2002, Carson Gaspar wrote:
Turn off everything you are certain you don't require. Actually remove the executables, also. (remove the rpm).OK - as someone who seems to represent the "remove the executables" camp, can you explain your reasoning? I've never been able to understand _why_ removing files buys you anything?
I'm not Fred, but: It buys you something because rote attacks happen. For instance, removing (or moving) cmd.exe would have stopped a fair ammount of IIS worm propogation- like stopping Code Red for instance.
(See my previous post for my strategy - castrate all priveleged binaries, turn off all services, and turn logging to high)
Privelige isn't necessary in all cases- some attacks work well at a semi or unpriveliged level. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Securing a Linux Firewall Marc DVer (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall R. DuFresne (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Mordechai T. Abzug (Jul 23)
- Re: Securing a Linux Firewall Frank Knobbe (Jul 23)
- Re: Securing a Linux Firewall Ng Pheng Siong (Jul 24)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- <Possible follow-ups>
- RE: Securing a Linux Firewall Bruce Platt (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- RE: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)