Hi,

let me get this right: You think that by installing a firewall, the system is somewhat secured against rootkits, because they may listen on "to be firewalled" ports? If somebody compromises your system and installs a rootkit, it's almost easy for him to fiddle holes in your firewall - because he uses a ROOTkit.

To secure a server, the best way is: Set up the server to boot only from CDR. Place the file system with all static files on this CDR and use the rw medium (harddisk, NFS) only if necessary, e.g. for content etc. Even if somebody hacks your services, he can't replace binaries etc.

I know, such a system is harder to manage, but isn't that the price we always have to pay for a secure system?

Ralf

Hi Bear,
On 2001.09.27 02:50:21 +0100 Ray Dillinger wrote:
<SNIP>
Finally, the 'su' binary is moved to sbin, and not available to any user except root.
Why leave 'su' there at all? Root is the one user who doesn't really need it, especially from the console.
<SNIP>
Now, here is my question: Do I get material additional security from my firewall, or does over-the-top paranoia on the other aspects of the config obviate the need for it?
IMHO, 'security through layers' is a good idea - let us say, for example, that some remote exploit is found in one of the services you do run. Let us also assume that a bad guy manages to find and use that hole to install a rootkit / some other compromise BEFORE you manage to apply the patch :-(
You then have no protection from the bad guy - his rootkit may be listening on a port which you probably would have firewalled with a strict firewall setup.
Remember: it's not paranoia if *they* are really after you, and the bad guys are after us all (or our boxes, at least).
Just 2 cents. Maf.
Bear
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ralf 'coko' Koch
mailto:info@formel4.de
---
Windows-Error: Mouse not found - A mouse driver hasn't been installed. Please click the left mouse button to continue.