[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: is it secure enough
Paul,
Why not be helpful instead of being blunt (just a euphemism for
rudeness). There are good reasons why folks might want to run sendmail
on the firewall machine including the abscence of a second machine to
run it on.
As to the "screwed-up" state of Erez's setup, can you be a little
more specific? And what sendmail exploit are you referring to? As to
your rhetorical question regarding attempth crack attempts, well that is
not what Erez asked about - but you have a point, crack detection is
important but looking at logs (or even using ps - it could be trojanned)
is no sure-fire way of detecting a security breach.
Just a question, have you, Paul had a machine cracked?
Bruce.
PS. All flames to /dev/null
On Fri, 23 Jan 1998, Paul Farber wrote:
> Yea, don't run all those server on a firewall...... if somebody uses a hole
> in sendmail to get root privileges, then your firewall is useless. They
> could then easily snoop around your entire mail and web sites. A firewall
> must be the only program running on a Linux box to make it secure, and
> therefore protecting the rest of your network.
>
> I doubt that have covered all the holes up with your firewall because you
> have the initial set up screwed up. So your firewall is probably useless
> anyway. Not trying to be harsh, just honest. BTW, do you know what an
> attempted crack attempt looks like by searching your logs? Probably not.
> Do you log all the dropped or filtered packets so you can see who or what is
> trying to get past? Probably not.
>
> Sorry for being so blunt, but reality has just set in!
>
> Paul
>
> -----Original Message-----
> From: Erez Doron <erez@savan.com>
> To: linux ILUG <linux-il@linux.org.il>; linux network group
> <linux-net@vger.rutgers.edu>
> Date: Friday, January 23, 1998 8:36 AM
> Subject: is it secure enough
>
>
> >
> >
> >
> >I've used my linux as firewall.
> >
> >i have one ip connected to the internet.
> >i use ip-masq for internal computers
> >i use ipfwadm to disable ip-spoofing
> >i use /etc/hosts.allow & /etc/hosts.deny to allow only local computers
> >
> >
> >i should menstion here, that the linux-firewall is
> >a fully oprational machine ( i.e. mail, nfs, web, ftp , ... )
> >
> >the question is : is it secure enough ? are there aother things
> >i should know of or do ?
> >
> >btw: i use redhat4.2, kernel 2.0.33. any need to upgrade ( to RH5.0 ? )
> >
> >Regards
> >Erez.
> >
> >
> >
>