Firewall Wizards mailing list archives
Re: X server in a Firewall
From: John M <idm.john () yahoo com>
Date: Tue, 24 Jan 2006 17:31:48 -0800 (PST)
On the local GUI:
The more code, the more potential vulnerabilities,
On remote access:
Web servers tend to increase the risk, as does any remote technology.
OK. But what is your recommendation to a Fortune 500 company? :) That is, if Coca-Cola wanted a unix based firewall and _wanted to manage it through a graphical interface_, what would you suggest? An X server running in a firewall sounds bad, but a web server or ssh server could be even worse (key logger on the management station or buffer overflow in the ssh or web daemon and both run as root, so to have permission to change the fw rules). Besides the firewall, there's a proxy running on the box too (as an unprivileged user), so the box could be compromised remotely through it and the privilege escalated through an X server vulnerability.
server, etc) could be vulnerable and, even if is only accepting connections from a specific IP, someone on internal network could do ARP spoofing or something. Ideally your authentication requires more than just an IP address to validate...
I mean, the ssh or web server port used to manage it could be vulnerable to a buffer overflow attack, so if only a specific IP (the admin) could connect to this port, it yet would be vulnerable, but nobody else could exploit it, except if they spoof the admin IP :)