Firewall Wizards mailing list archives
Re: Linux Firewall on CD
From: Paul Robertson <proberts () patriot net>
Date: Fri, 11 Jul 2003 21:27:24 -0400 (EDT)
On Fri, 11 Jul 2003, james mcdermott wrote:
> Would anyone be so kind as to help me find any documentation on how to
> set up a Linux firewall on a CD. This means, how do I create an image and
> put it on CD. So if someone breaks through the firewall they cannot install
> software on it.... Thanks in advance....
> James
Generally, attackers want to get past the firewall, not on to it- if the firewall is compromisable, then it's going to be game over, no matter if the disk is writable or not.

You'll have to have some writable storage for logs, mount points, device nodes...

Usually, CD bootable systems use a RAM Disk- so an attacker can easily keep things in memory, and the only thing you really gain is disinfection with a reboot- however you're still vulnerable to the original attack, so the gain from running off a CD is pretty negligible from a security perspective.

The only time I'd seriously consider using a "run off CD" system over another kind is the scenario where the media was distributed to folks who I didn't want touching things, who had some level of access for operational reasons, then it'd be more to deter the enthusiastic than prevent the malicious.

Since you can network boot any *nix OS, it's probably better to spend time on actually removing unnecessary code, rather than trying to get the boot media to be unwritable.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards