Firewall Wizards
mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 13:48:07 -0700
> OK - as someone who seems to represent the "remove the executables" camp,
> can you explain your reasoning? I've never been able to understand _why_
> removing files buys you anything?
> (See my previous post for my strategy - castrate all privileged binaries,
> turn off all services, and turn logging to high)

Naturally there's the theory that 'anything you make available is another
potential vulnerability'.
I also like to remove unneeded executables (or rather the packages
(deb/rpm/etc) themselves in whole) because it makes it more annoying
to a cracker to need to upload programs like 'grep' when they're not
on the system. Nuke 'ls' and see how many crackers will leave because
it's not worth the time.
But more importantly, any software that can be a daemon you should
remove. Why? Because when you update your software (rpm -F with
newest rpms, or apt-get update your debian box) it may turn that
program back on by default. So why have it installed at all?
--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/

"I see you are as willful as ever."
"Far more, I've greatly improved, I've had more experience."

Every message PGP signed
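
One way to run the audit the last paragraph of the message implies, as an added example that is not part of the original post: list every installed package that ships a daemon start-up file, so it can be removed rather than merely switched off. The function names, the "package<TAB>path" input format and the allowlist argument are assumptions of this example, the sample manifest is constructed, and the systemd unit paths go beyond the 2002 init.d/xinetd setups the thread is about.

```shell
#!/bin/sh
# Added example: flag packages that could come back as a running daemon
# after a package update re-enables their start-up files.
#
# Input on stdin: one "package<TAB>path" line per installed file, e.g.
#   for p in $(rpm -qa); do
#       rpm -ql "$p" | awk -v p="$p" '{ print p "\t" $0 }'
#   done
#   (on Debian: dpkg-query -W -f='${Package}\n' and dpkg -L "$p")
# Argument 1: space-separated packages the firewall really needs.

daemon_capable() {
    awk -F '\t' -v allow="${1:-}" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # SysV init scripts, xinetd service entries, systemd units
    $2 ~ /^\/etc\/(rc\.d\/)?init\.d\/./ ||
    $2 ~ /^\/etc\/xinetd\.d\/./ ||
    $2 ~ /^(\/usr)?\/lib\/systemd\/system\/.+\.(service|socket)$/ {
        if (!($1 in ok) && !seen[$1 SUBSEP $2]++)
            hits[$1] = hits[$1] " " $2
    }
    END { for (p in hits) print p ":" hits[p] }
    ' | sort
}

# Constructed sample manifest (not taken from a real system).
sample_manifest() {
    printf '%s\t%s\n' \
        coreutils /bin/ls \
        telnetd   /usr/sbin/in.telnetd \
        telnetd   /etc/xinetd.d/telnet \
        portmap   /etc/init.d/portmap \
        portmap   /sbin/portmap \
        sysklogd  /etc/init.d/sysklogd \
        grep      /bin/grep
}

# Demo: logging stays, everything else that can run as a daemon is listed.
sample_manifest | daemon_capable "sysklogd"
```

Each line of output names a package to remove whole, followed by the start-up files that would let an update switch it back on.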