Vulnerability Development mailing list archives
Re: Securing of systems....
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Fri, 4 Aug 2000 10:44:07 -0500
Actually, "keeping the kids from bouncing off" is a pretty good idea. if you get a stateful inspection firewall (like an OS running ipfw) in front of the host, separating it from the rest of the network, common practice is to not allow ANY connection to be initiated by the server. Data can still get out if it's requested, but a syn won't make it out through the firewall. This is a technique i've been using for a while on my DMZ and especially the honey pots. I *USED* to be a moron and use local firewall rules, which worked great until I let someone poke around till they got root... then they whacked the rules... -----Original Message----- From: Taneli Huuskonen [mailto:huuskone () CC HELSINKI FI] Sent: Thursday, August 03, 2000 1:40 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Securing of systems.... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ryan Yagatich <ryagatich () CSN1 COM> egrapse: [...]
another firewall (listed below are some examples). and then the most important part is to make sure you have removed the "hacker tools" like telnet, compiling software, etc... this way if someone were to telnet to your box, they would not be able to telnet or hit any of your other machines.
That might stop script kiddies, but if the cracker happens to be a hacker, it'll only slow her down. Nevertheless, it's a good idea; just don't rely too much on it. Regards, Taneli -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBOYm8Wl+t0CYLfLaVEQI5GACgwVfvEdqhpQkaZJ3pLOv8gezHv0kAn03w 8h/vkPKbzYs7SXImfwgvn0W2 =IydQ -----END PGP SIGNATURE----- -- I don't | All messages will be PGP signed, | Fight for your right to speak for | encrypted mail preferred. Keys: | use sealed envelopes. the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
Current thread:
- Securing of systems.... Snehal Dasari (Aug 01)
- Re: Securing of systems.... Robert A. Seace (Aug 02)
- Re: Securing of systems.... Ryan Yagatich (Aug 02)
- Re: Securing of systems.... Taneli Huuskonen (Aug 03)
- Re: Securing of systems.... vamp (Aug 02)
- Re: Securing of systems.... Crispin Cowan (Aug 02)
- Re: Securing of systems.... Robert D. (Aug 02)
- <Possible follow-ups>
- Re: Securing of systems.... Brooke, O'neil (EXP) (Aug 02)
- Re: Securing of systems.... J. Oquendo (Aug 02)
- Re: Securing of systems.... jason (Aug 02)
- Re: Securing of systems.... Dunker, Noah (Aug 05)
- Re: Securing of systems.... roman (Aug 18)