Full Disclosure mailing list archives
Re: PC Firewall Choices
From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 18 Jan 2006 11:57:36 +0100
On Wed, Jan 18, 2006 at 10:28:51AM +0000, Juliao Duartenn wrote:
> On Tue, 2006-01-17 at 23:33 -0500, greybrimstone () aim com wrote:
>
> > That's assuming that malware isn't being designed for that firewall. I'm sure you already know that software is software regardless of the hardware that it is running on. Likewise a vulnerability is still a vulnerability... I suppose you could r/o the system... but you need to write the confs somewhere right?
> >
> > -Adriel
>
> Configuration on a hardware firewall is usually a pretty stable thing - you don't go around opening ports at random every day, now do you? Most modern {linux|bsd} firewall implementations can now run from a read-only device, namely CD-ROM, and also write their configuration to a removable device that you can manually set RW or RO - floppy, USB pen, etc.
>
> Of course, since most implementations mount parts of the filesystem into RAM, you're still vulnerable to attacks; they are merely non-permanent: if you reboot you are clean again, albeit with the original hole still present, I'd say.
>
> There are, of course, solutions for that too, but I still haven't seen one that really works - meaning that it can detect and prevent tampering in real-time. The best thing I can remember is running tripwire against a RO database on CD, but that can still be tampered with.
>
> Any thoughts?
Well, if someone manages to get access to the kernel (don't forget that root has such access), any program on the system can be made to do pretty much anything - in particular, tripwire can be made to report that all is well.

The easy solution involves using a recent kernel that has no known or suspected vulnerabilities. Some intrusion detection - like tripwire - might be valuable, but there is a limit to that.

Joachim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/