Great Circle Associates Firewalls
(December 1996)
 


Subject: Re: Linux as a Firewall Platform
From: peter @ baileynm . com (Peter da Silva)
Date: Tue, 17 Dec 1996 10:03:24 -0600 (CST)
To: lists @ reflections . mindspring . com (Todd Graham Lewis)
Cc: arne @ Steinkamm . COM, firewalls @ GreatCircle . COM
In-reply-to: <Pine . LNX . 3 . 95 . 961217082045 . 250K-100000 @ reflections . mindspring . com> from "Todd Graham Lewis" at Dec 17, 96 08:21:24 am

> > On a linux machine each hacker from the net, gained root privs. can change
> > it.

> If a hacker gains root on your firewall, haven't you, uhh, already lost?

That depends on what you let root do unmonitored. If root can't keep you from
logging to an immutable file and can't access devices (true on a BSD system
at "most secure" level) then they can't exploit your firewall without leaving
tracks of some kind. That's better than having them plant a tunnel for later
use.
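
The check implied above, as an added example that is not part of the original post: it flags log files that a root-level intruder could still rewrite. It assumes a FreeBSD-style `kern.securelevel` sysctl and the flags column of `ls -lo`, and it treats the system append-only flag (`sappnd`) as the protection for a log that must keep growing; the listing is constructed sample data.

```shell
#!/bin/sh
# Added example: audit whether log files would survive a root compromise on a
# BSD-style system. Assumed inputs: the integer printed by
# `sysctl -n kern.securelevel` and lines from `ls -lo` (file flags in field 5).

# audit_logs SECURELEVEL < ls-lo-lines
# Prints one finding per line; prints nothing when everything is protected.
audit_logs() {
    awk -v level="$1" '
        BEGIN {
            # Below level 1 root can simply clear system flags again,
            # so any flag found on a file is only advisory.
            if (level + 0 < 1)
                print "WEAK securelevel=" level " (root can clear system flags)"
        }
        NF >= 10 {
            flags = $5; file = $NF
            n = split(flags, f, ",")
            ok = 0
            # Only the system append-only flag counts: the user-level
            # variant (uappnd) can be removed by root at any securelevel.
            for (i = 1; i <= n; i++)
                if (f[i] == "sappnd") ok = 1
            if (!ok)
                print "UNPROTECTED " file " (flags: " flags ")"
        }
    '
}

# Constructed sample listing in `ls -lo` layout (not real output).
sample_listing() {
    cat <<'EOF'
-rw-r--r--  1 root  wheel  sappnd  48211 Dec 17 10:03 /var/log/messages
-rw-------  1 root  wheel  -        9120 Dec 17 09:58 /var/log/secure
-rw-r--r--  1 root  wheel  uappnd   1033 Dec 17 08:21 /var/log/maillog
EOF
}

# Demo run: securelevel 0 plus the sample listing.
sample_listing | audit_logs 0
```

On a live system the same function would be fed `ls -lo /var/log/*` and the current `kern.securelevel` value.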

