Firewalls: Re: secure replication of data in insecure networks

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: secure replication of data in insecure networks
From:	Brian Mitchell <brian @ firehouse . net>
Date:	Sat, 28 Jun 1997 02:11:41 -0400 (EDT)
To:	Miguel Andrés Santisteban <masantis @ ntmail . askin . es>
Cc:	VaX#n8 <vax @ linkdead . paranoia . com>, firewalls @ GreatCircle . COM
In-reply-to:	<3 . 0 . 1 . 32 . 19970627130428 . 006bc6d0 @ 194 . 140 . 56 . 87>

On Fri, 27 Jun 1997, Miguel [iso-8859-1] Andrés Santisteban wrote:

> No, I just snfs mount the filesystems of my bastions on another box
> and run tripwire on them.  This avoids the problems alluded to by mjr
> I think, where tripwire can be fooled if the kernel or libc.so on the
> box running tripwire have been tampered with.
> 

nope, doesnt help (much). nfsd can lie to your secure machine, as can the
kernel calls utilized by it.


Brian Mitchell                           brian @
 firehouse .
 net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt

References:

Re: firewll-1
From: Miguel Andrés Santisteban <masantis @ ntmail . askin . es>

Indexed By Date	Previous:	Re: question about firewalls on NT From: Ken Hardy <ken @ bridge . com>
Indexed By Date	Next:	Spooky Tremors in InfoSec From: Vin McLellan <vin @ shore . net>
Indexed By Thread	Previous:	Re: firewll-1 From: Miguel Andrés Santisteban <masantis @ ntmail . askin . es>
Indexed By Thread	Next:	Re: NFS port numbers (fwd) From: Pavel Galynin <pgalynin @ chipnet . cz>