Firewalls: Re: No NFS on firewalls ?

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: No NFS on firewalls ?
From:	Fernando Cabral <fernando @ boemia . pix . com . br>
Date:	Wed, 26 Apr 1995 15:33:36 -0400 (BRA)
To:	srini @ igt . com, Firewalls @ greatcircle . com

Srini says

>However, if the firewall machine is allowed to mount the disk of an
>internal machine under what condition(s) does this lead to lack of security ?
>This can be a problem if the firewall itself is breached, but if that
>happens, then is everything not already lost ?

Just suppose you gain access to the internal machine whose disk has been
exported and mounted by the firewall machine. It is just reasonable to
conclude that it the remote file system is being mounted that's because
it has something usefull for the firewall itself: executables, datafiles,
tables, whatever. 

Since you've got access to that less protected machine, manipulating those
executable, files, tables you are, in fact, manipulating the firewall
itself.

Is that what you want?

And this is just the *SMALLEST* of the possibilities!!!

-fernando

Fernando Cabral
PADRAO iX Sistemas Abertos Ltda
Solucoes de Informatica
Caixa Postal 3541
70084-970 Brasilia-DF

+55 61 274-6092 (voice)
+55 61 274-5302 (fax)
boemia!fernando @
 ibase .
 br

Follow-Ups:

Re: No NFS on firewalls ?
From: peter @ nmti . com (Peter da Silva)

Indexed By Date	Previous:	Re: E-mail virus scanning(Good Times) From: amolitor @ anubis . network . com (Andrew Molitor)
Indexed By Date	Next:	Re: Livingston IRX Firewall Router From: "Frank Heinzius" <FRIMP @ guru . mms-gmbh . de>
Indexed By Thread	Previous:	No NFS on firewalls ? From: srini @ igt . com (Srini Seetharam)
Indexed By Thread	Next:	Re: No NFS on firewalls ? From: peter @ nmti . com (Peter da Silva)