Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Carson Gaspar <carson () taltos org>
Date: Wed, 31 Jul 2002 20:06:52 -0400
--On Tuesday, July 30, 2002 5:02 PM -0700 "Stephen P. Berry" <spb () meshuggeneh net> wrote:
There's an analogous situation in administering machines over a network---if you don't own the biggest pipe with the lowest latency between you and your machines, eventually you're going to find yourself unable to talk to them.
Only if your attackers have access to your management pipe. Which should not be the case in a very robust network. Out-of-band management is a must.
At any rate, longer or more difficult physical access paths mean longer response times. This in turn means that an evildoer can accomplish more before you can react, and they have a better chance of being able to cover their tracks (figuratively or literally). If you're a plane ride away from a box, not only does the evildoer have the time to slap a CD drive in it and boot off removable media---they have time to show up, discover the machine doesn't have a drive, head over to the nearest parts store, buy a CD drive, fill out the registration card, get the mail-in rebate, then return to compromise your box...and still get out before you're through security at the airport.
It is cost prohibitive to have trained security staff at every physical location, given a large multinational organization.
In any case, if you're pulling the CD drive as a preventative measure, you're already assuming the evildoer is familiar with the OS and hardware and has boot media with them. I agree that there are many evildoers who don't fit
In my case, CD-ROM drives were yanked because they failed more often than hard drives did, and they hung the SCSI bus when they died, taking out the entire system.
-- Carson