Firewall Wizards mailing list archives
RE: Securing a Linux Firewall
From: Carson Gaspar <carson () taltos org>
Date: Tue, 23 Jul 2002 16:42:58 -0400
--On Tuesday, July 23, 2002 4:22 PM -0400 Bruce Platt <Bruce () ei3 com> wrote:
Everything on the box that you don't need is a potential way for someone to grab control of an executable which can cause damage. Just because the image isn't executed during init processing doesn't mean that someone can't start it up some other way.
If the binary grants no additional privileges, then it can do nothing the attacker couldn't do already. If you can execute shell code, you can copy bits onto the box (at your current privilege level) - assuming there is at least one writable directory on the box.
So far, the only comments I've received that make sense are:- Not having the binary in the expected location prevents skript kiddiez attacks from suceeding
In my opinion, this provides minimal additional security. My threat model is a determined attacker, not a clueless scriptoid.
- If the binary isn't on the box, nobody can enable the service by accidentTrue. But I feel that a regular system config audit is a better way of confirming that nobody's done anything unfortunate.
There are a few reasons I don't like the "strip everything off the box" mentality.
- It frequently makes debugging problems nearly impossible, as the necessary tools are not present.
- Every time a patch or a new OS version is released, the set of files that are required changes. Also, new privileged binaries may appear.
I've had to maintain "jumpstart"-like images for secure servers. Maintaining a "known-good" list for privileged binaries is relatively straightforward. Maintaining a "known-good" list of _all_ binaries is a nightmare. I further assert that maintaining a "known-bad" list is a lost cause.
-- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Mordechai T. Abzug (Jul 23)
- Re: Securing a Linux Firewall Frank Knobbe (Jul 23)
- Re: Securing a Linux Firewall Ng Pheng Siong (Jul 24)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- RE: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall John McDermott (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)