At 09:59 AM 9/27/2001 +0100, you wrote:
IMHO, 'security through layers' is a good idea - let us say, for example, that some remote exploit is found in one of the services you do run. Let us also assume that a bad guy manages to find and use that hole to install a rootkit / some other compromise BEFORE you manage to apply the patch :-(
You then have no protection from the bad guy - his rootkit may be listening on a port which you probably would have firewalled with a strict firewall setup.
My take on the above is that if a cracker gets in far enough to install binaries, he can:

1. probably mess with your firewall rules
2. probably shut your firewall off
3. If none of the above, possibly trojan something like your web server or sshd that still has an open port in the firewall rules.

What do you think? Am I right, or am I missing something important?

----------------------------------------------------
Jonathan Wilson
System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com