Great Circle Associates Firewalls
(December 1996)
 


Subject: Re: Linux as a Firewall Platform
From: peter @ baileynm . com (Peter da Silva)
Date: Wed, 18 Dec 1996 13:02:10 -0600 (CST)
To: lists @ lina . inka . de (Bernd Eckenfels)
Cc: arne @ Steinkamm . COM, firewalls @ GreatCircle . com
In-reply-to: <m0va8vs-0004ixC @ lina> from "Bernd Eckenfels" at Dec 18, 96 00:28:19 am

> Of course you have. Your firewall is compromised aka useless. The hacker can
> switch off all filter rules or add dynamic ones to hack the hosts behind the
> firewall, making the protection of the firewall void.

That's true, but it's possible to lose worse than that. For example, he can
do it untraceably. Or leave a trapdoor. I know one guy who had the hacker
install a whole new kernel on him.

> Since ext2fs supports append only and immutable (which is protected by
> securelevel) choosing an operating system needs to be decided by other
> (valid) differences.

Does it support the rest of the BSD securelevel stuff (for example, you can't
access raw devices at high levels of security even as root)?

