Firewalls: Re: CIA Firewalls?

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CIA Firewalls?
From:	Adam Shostack <adam @ homeport . org>
Date:	Thu, 19 Sep 1996 22:29:33 -0500 (EST)
To:	michael @ memra . com (Michael Dillon)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<Pine . BSI . 3 . 93 . 960919142320 . 15692B-100000 @ sidhe . memra . com> from "Michael Dillon" at Sep 19, 96 02:29:23 pm

Michael Dillon wrote:
| A more important question is "how were the DOJ and CIA sites hacked".
| If they were running an old version of NCSA httpd or a UNIX machine with
| full services and no patches then perhaps they deserved what they got.
| 
| Nowadays, Apache is pretty secure and it is quite easy to secure a UNIX
| machine simply by taking the trouble to review available patches and to
| turn off unneeded services. 

	Don't forget careful review & handling of CGI.  I suspect bad
cgi is at fault regularly.  I know the CGI I review tends to start out
pretty trusting that its input is freindly.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

References:

Re: CIA Firewalls?
From: Michael Dillon <michael @ memra . com>

Indexed By Date	Previous:	Re: Request for Information (Security for Educational Research Institute) From: lists @ lina . inka . de (Bernd Eckenfels)
Indexed By Date	Next:	viruswalls & firewalls From: "Andy Watts" <andywatt @ loxinfo . co . th>
Indexed By Thread	Previous:	Re: CIA Firewalls? From: Michael Dillon <michael @ memra . com>
Indexed By Thread	Next:	Re: CIA Firewalls? From: Robert Hanson <roberth @ cet . com>