Full Disclosure mailing list archives

Re: PC Firewall Choices

From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 18 Jan 2006 11:57:36 +0100

On Wed, Jan 18, 2006 at 10:28:51AM +0000, Juliao Duartenn wrote:

On Tue, 2006-01-17 at 23:33 -0500, greybrimstone () aim com wrote:

Thats assuming that malware isn't being designed for that firewall. I'm 
sure you already know that software is software regardless of the 
hardware that it is running on. Likewise a vulnerability is still a 
vulnerability...

I suppose you could r/o the system... but you need to write the confs 
somewhere right?

-Adriel


Configuration on a hardware firewall is usually a pretty stable thing -
you don't go around opening ports at random every day, now do you?

Most modern {linux|bsd} firewall implementations can now run from a
read-only device, namely CD-ROM, and also write their configuration to a
removable device that you can manually set RW or RO - floppy, USB pen,
etc.

Of course, since most implementations mount parts of the filesystem into
RAM, you're still vulnerable to attacks, they are merely non-permanent,
if you reboot you are clean again, albeit with the original hole still
present, i'd say.

There are, of course, solutions for that too, but I still haven't seen
one that really works - meaning that it can detect and prevent tampering
in real-time. The best thing I can remember is running tripwire against
a RO database on CD, but that can still be tampered with. Any thoughts?


Well, if someone manages to get access to the kernel (don't forget that
root has such access), any program on the system can be made to do
pretty much anything - in particular, tripwire can be made to report
that all is well.

The easy solution involves using a recent kernel that has no known or
suspected vulnerabilities. Some intrusion detection - like tripwire -
might be valuable, but there is a limit to that.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Re: PC Firewall Choices, (continued)
- - - Re: Re: PC Firewall Choices Dave Korn (Jan 19)
    - Re: Re: PC Firewall Choices Valdis . Kletnieks (Jan 19)
    - RE: PC Firewall Choices Nick Hyatt (Jan 17)
    - Re: PC Firewall Choices Valdis . Kletnieks (Jan 17)
    - RE: PC Firewall Choices Nick Hyatt (Jan 17)
    - Re: PC Firewall Choices Valdis . Kletnieks (Jan 17)
    - Re: PC Firewall Choices Michael Silk (Jan 17)
    - RE: PC Firewall Choices Nick Hyatt (Jan 17)
    - Re: PC Firewall Choices greybrimstone (Jan 17)
    - Re: PC Firewall Choices Juliao Duartenn (Jan 18)
    - Re: PC Firewall Choices Joachim Schipper (Jan 18)
    - Re: PC Firewall Choices greybrimstone (Jan 19)
    - Re: PC Firewall Choices John LaCour (Jan 18)
    - RE: PC Firewall Choices Very Unprivate (Jan 17)
    - Re: PC Firewall Choices greybrimstone (Jan 17)
    - Re: PC Firewall Choices Nancy Kramer (Jan 18)
    - Re: PC Firewall Choices greybrimstone (Jan 19)
    - Re: PC Firewall Choices Stan Bubrouski (Jan 19)
    - Re: Secure Delete for Windows sk (Jan 17)
    - Re: Secure Delete for Windows Yvan Boily (Jan 17)
    - RE: Secure Delete for Windows y0himba (Jan 17)

(Thread continues...)