Firewall Wizards mailing list archives
Test Systems - was Re: Hardening
From: John Lines <John.Lines () aeat co uk>
Date: Mon, 24 Nov 1997 12:28:41 +0000
Petri Virkkula wrote:

I think changing things should be done and tested in a test environment where you can have for example another machine with all manual pages you need.

Petri

I was beginning to think we were the only people who run a test system! Ever since we first set up our connection to the internet (even before we had a firewall in its present format - it started out as a dual hosted, tightly controlled multiuser system) we had a test machine. Everything which went onto the firewall was installed and tested on the test machine, and then the components required for it to work were copied to the firewall. This automatically gives you a lean system on the firewall, where you know what each file is there for, and you can update your tripwire database whenever you update the system.

Note that this approach is better suited, in some respects, to an organisation running a home brew firewall - most commercial products are based on a model of operation where there is no testing (because there is no chance that they might not work perfectly first time in your environment!) and they are installed directly onto the live machine. This approach also tends to require the live system to be taken out of service for updates - for quite a long time while the new system is configured. It also means that the configuration tools live on the live system.

I would like to see manufacturers of security related products (especially firewalls and web servers) produce them in a mode where you can use their fancy configuration front ends on an internal test machine, and then produce a live environment, for example as a tar file with just the required parts. Coupled with this should be a separation of management tools, so that you could still, for example, add users through a fancy interface (to the live system).

John Lines
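
The workflow described in this message, sketched as an added example (editorial, not part of John Lines' post and not Tripwire itself): a manifest names the files the live firewall needs, only those are packed into a tar file from the test tree, and a SHA-256 baseline recorded at build time is later used to audit the live tree. The file names (`proxyd`, `config-gui`) and the function names are hypothetical.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_bundle(test_root, manifest, bundle_path):
    """Pack only manifest-listed files from the test tree; return {relpath: sha256}."""
    test_root = Path(test_root).resolve()
    baseline = {}
    with tarfile.open(bundle_path, "w") as tar:
        for rel in sorted(manifest):
            src = (test_root / rel).resolve()
            # Refuse entries that escape the test tree or are not regular files.
            if test_root not in src.parents or not src.is_file():
                raise ValueError(f"bad manifest entry: {rel}")
            tar.add(src, arcname=rel, recursive=False)
            baseline[rel] = sha256_file(src)
    return baseline

def audit_live(live_root, baseline):
    """Compare the live tree to the baseline; return (missing, changed, unexpected)."""
    live_root = Path(live_root)
    present = {p.relative_to(live_root).as_posix()
               for p in live_root.rglob("*") if p.is_file()}
    missing = sorted(set(baseline) - present)
    unexpected = sorted(present - set(baseline))
    changed = sorted(r for r in present & set(baseline)
                     if sha256_file(live_root / r) != baseline[r])
    return missing, changed, unexpected

def demo():
    # Constructed sample: a test machine holding a daemon, its config,
    # a configuration front end and a manual page (all hypothetical names).
    files = {"usr/sbin/proxyd": b"proxy-binary", "etc/proxyd.conf": b"permit 10.0.0.0/8\n",
             "usr/bin/config-gui": b"front end", "usr/man/proxyd.8": b"manual"}
    manifest = ["usr/sbin/proxyd", "etc/proxyd.conf"]  # what the live system needs
    with tempfile.TemporaryDirectory() as tmp:
        test, live, bundle = Path(tmp, "test"), Path(tmp, "live"), Path(tmp, "live.tar")
        for rel, data in files.items():
            (test / rel).parent.mkdir(parents=True, exist_ok=True)
            (test / rel).write_bytes(data)
        baseline = build_bundle(test, manifest, bundle)
        with tarfile.open(bundle) as tar:  # "install" the bundle on the live tree
            for m in tar.getmembers():
                (live / m.name).parent.mkdir(parents=True, exist_ok=True)
                (live / m.name).write_bytes(tar.extractfile(m).read())
        clean = audit_live(live, baseline)
        (live / "etc/proxyd.conf").write_bytes(b"permit 0.0.0.0/0\n")  # drift
        (live / "usr/sbin/extra").write_bytes(b"?")  # file nobody deployed
        return clean, audit_live(live, baseline)
```

Because the live tree contains only manifest entries, any file outside the baseline is reported as unexpected, which is what makes the integrity database cheap to keep current.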