I don't agree with the premise that a CD-ROM based WWW server is a viable option.
Unless your web site is very static (no databases, no HTML generation,
no frequent updates?), this would be cumbersome indeed, and still NO
guarantee against hacking. Case in point... unless your DNS server is also
"CD-ROM based" as well (a silly proposition), a hacker can always point your
WWW server domain name to another "hacked" IP address. Physical read-only
storage may offer SOME protection, but still not hackproof (not to mention the
probable performance penalty you'd pay for optical).
----------------WWW.INK.ORG\PUBLIC\KDHE-------------------
--------KANSAS DEPARTMENT OF HEALTH & ENVIRONMENT---------
----------Mills Bldg Suite 501 Topeka, KS 66612-----------
---------Phone (913) 296-5643 FAX (913) 296-8943----------
*** Forwarding note from I5004693--IBMMAIL 12/31/96 15:42 ***
Date: Tue, 31 Dec 1996 11:41:27 -0800
From: Mark Johnson <mark@hercules.reno.nv.us>
To: Dale Drew <ddrew@mci.net>
CC: Michael Idengren <midengre@stetson.edu>,
Christopher Klaus <cklaus@iss.net>, firewalls@GreatCircle.COM
Subject: Re: Air Force Web Site Hacked
Dale Drew wrote:
>
> I don't see how CDROM provides significant advantages on a WEB server
> "graffiti" attack.
>
> Using a CDROM web-server doesn't provide resistance to an
> attacker who gains access to the system as ROOT (or the user that owns
> the http process), and the system has some form of (or access to)
> writable media available.
>
> The attacker just repoints the httpd root tree to the writable media (eg;
> "/tmp") and away from the CDROM.
>
> http://www.security.mci.net
> ===============================================================
> Dale Drew MCI Telecommunications
> Sr. Manager internetMCI Security
> Engineering
> Voice: 703/715-7058 Internet: ddrew@mci.net
> Fax: 703/715-7066 MCIMAIL: Dale_Drew/644-3335
>
> At 11:57 PM 12/30/96 -0500, Michael Idengren wrote:
> >I don't know about the rest of you but I agree with the idea of putting a
> >webserver on a CD-ROM. I think the government can afford to write a new
> >CD every time they need to update someone's email address anyways :)
> >
> >Mike Idengren | MEISTER
> >---------------------------------+----------------------------------
> >Center for Information Technology| Alachua Free-Net IRC Administrator
> >Stetson University | WorldWide Free-Net IRC Network Coordinator
> >
> >
> >
> >
> >
I have not set one up yet (planned for July), but I believe you can have
a totally CDROM machine, at least using Novell or NT. Bootable CDROMs
and all data on CDROM so you would not have any writable media.
Can anyone confirm or deny my thoughts?
Mark
--
Mark Johnson
Network Project Manager
St. Mary's Regional Med Ctr
mark@hercules.reno.nv.us
---- End of mail text
Additional SMTP headers from original mail item follow:
Received: from relay1.UU.NET by ibmmail.COM (IBM VM SMTP V2R3) with TCP;
Tue, 31 Dec 96 15:43:03 EST
Received: from miles.greatcircle.com by relay1.UU.NET with ESMTP
(peer crosschecked as: miles.greatcircle.com [198.102.244.34])
id QQbwna15264; Tue, 31 Dec 1996 15:42:24 -0500 (EST)
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1)
id LAA12757 for firewalls-outgoing; Tue, 31 Dec 1996 11:35:24 -0800 (PST)
Received: from heather.greatbasin.com (heather.greatbasin.com [140.174.194.41])
by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id LAA12750
for <firewalls@GreatCircle.COM>; Tue, 31 Dec 1996 11:35:17 -0800 (PST)
Received: from marks (hercules.reno.nv.us [204.94.161.224])
by heather.greatbasin.com (8.8.4/8.7.3) with SMTP id LAA14508;
Tue, 31 Dec 1996 11:34:30 -0800 (PST)
Message-ID: <32C96C67.7D78@hercules.reno.nv.us>
X-Mailer: Mozilla 3.0 (WinNT; I)
MIME-Version: 1.0
References: <3.0.32.19961231124626.007717e4@166.45.1.38>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk
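
Added example, not part of the original thread: a Python check for the point Dale Drew raises above, that read-only media does not help if the httpd root can be repointed to writable storage. It assumes an Apache-style DocumentRoot directive and a /proc/mounts-style mount table; the function names and both sample inputs are constructed for illustration.

```python
import posixpath

# Constructed samples; assumes Apache-style config and /proc/mounts layout.
MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/cdrom /cdrom iso9660 ro 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
"""
GOOD_CONF = 'ServerName www.example.org\nDocumentRoot "/cdrom/htdocs"\n'
REPOINTED_CONF = "ServerName www.example.org\nDocumentRoot /tmp/www  # changed\n"


def parse_mounts(text):
    """Map mount point -> set of mount options."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            table[fields[1]] = set(fields[3].split(","))
    return table


def mount_for(path, mounts):
    """Return the longest mount point that contains `path`, or None."""
    path = posixpath.normpath(path) + "/"
    hits = [mp for mp in mounts if path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def document_roots(conf_text):
    """Yield every DocumentRoot value, ignoring comments and quotes."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "documentroot":
            yield parts[1].strip().strip('"')


def audit(conf_text, mounts_text):
    """Return (roots not on read-only media, all writable mount points)."""
    mounts = parse_mounts(mounts_text)
    bad = []
    for root in document_roots(conf_text):
        mp = mount_for(root, mounts)
        if mp is None or "ro" not in mounts[mp]:
            bad.append((root, mp))
    writable = sorted(mp for mp, opts in mounts.items() if "rw" in opts)
    return bad, writable
```

The first return value flags a document root that no longer sits on read-only media; the second lists the writable mounts that remain available even when the configured root is on CD-ROM, which is the condition the objection depends on.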