Firewall Wizards mailing list archives

Re: SANS Top Ten and Commercial Firewalls


From: Kevin Steves <stevesk () pobox com>
Date: Wed, 2 Oct 2002 19:01:29 -0700

On Wed, Oct 02, 2002 at 02:27:45PM -0400, Gary Flynn wrote:
U2. Malicious HTTP calls to Apache web servers exploiting the
    OpenSSL or Apache chunk handling defects.
U3. Malicious SSH requests exploiting SSH defects.
U4. Malicious SNMP requests or requests with the community
    name blank or equal to "public".
U5. Malicious requests to FTP servers exploiting wu-ftp defects.
U7. Malicious requests to the line printer daemon.
U8. Malicious requests to sendmail.
U9. Malicious requests to bind.

It's not just the firewall product that is the "system" here.
It's the sum of the components that act in concert to implement
a policy.

I just wanted to point out that the application folks are increasingly
using and recommending defense in depth techniques such as privilege
separation and chroot jails etc.

Niels and Markus and others did a lot of work on OpenSSH privsep and
you really want to use it.  OpenBSD 3.2 will support a chroot'd Apache
out-of-the-box.  We need to move more in these directions.
