Why not get Practical Unix and Internet Security from O'Reilly and do what it says?
I bet if everyone disabled stupid services (on unix hosts), installed TCP wrappers to
allow telnets from limited IP addresses, did Cisco's recommendations on preventing
IP spoofing, used Linux or another free x86 Unix and ssh to telnet in, and subscribed
to security mailing lists to keep up on things, these incidents would slow down a LOT...how
many people out there have done this to their unix host?? Get to work you system admins!
All this is your fault......
----------
From: Norm Laudermilch[SMTP:norm @ UU . NET]
Sent: Wednesday, January 01, 1997 8:57 AM
To: firewalls @ greatcircle . com
Subject: Re: Air Force Web Site Hacked
[from Michael Idengren:]
> I don't know about the rest of you but I agree with the idea of putting a
> webserver on a CD-ROM.
[from Thomas Leitner:]
> why not just put it on a separate disk which is mounted
> read-only?
[from Dale Drew:]
> Using a CDROM web-server doesn't provide resistance to an
> attacker who gains access to the system as ROOT...
Keep in mind that this entire thread assumes that the attacker will *not*
take an easier approach, such as compromising the DNS records that point to
the server. In this case, the attacker can create any web content they like,
spend all the time in the world creating it, and then quickly convince the
DNS servers that www.foo.com now resolves to the new (fake) address. Securing
your www server is just a first (although important) step.
I do think read-only media is an interesting idea, by the way :) Dale is
right though, there are still vulnerabilities. Personally, I like the idea
of marking the files immutable myself. This way, even root can't change the
content unless the machine is brought down into single-user mode. Not sure
how many other operating systems support this other than (the great) BSDI
though.
Happy new year (2 minutes to go...),
Norm
----------------------------------------------------------------------
Have you cleaned your packet filter lately? - Josh Osborne
----------------------------------------------------------------------
Norm Laudermilch E-mail: norm @ uu . net
Manager, Information Security Phone: 703-206-5952
UUNET Technologies, Inc.
3060 Williams Drive
Fairfax, VA 22031-4648
----------------------------------------------------------------------