Great Circle Associates Firewalls
(June 1997)
 


Subject: Re: Securing down a box for a firewall
From: Bernd Eckenfels <lists @ lina . inka . de>
Date: Sat, 14 Jun 1997 01:58:09 +0200
To: Brian Mitchell <brian @ saturn . net>
Cc: Robert Augustine <robert @ dresden . com>, "Sameer R. Manek" <manek @ challenger . atc . fhda . edu>, Greg Witte <gwitte @ us-state . gov>, "firewalls-owner @ GreatCircle . COM" <firewalls-owner @ GreatCircle . COM>, "'firewalls @ greatcircle . com'" <firewalls @ GreatCircle . COM>
In-reply-to: <Pine . NEB . 3 . 96 . 970613065557 . 327A-100000 @ apocalypse . saturn . net>; from Brian Mitchell on Fri, Jun 13, 1997 at 06:58:32AM -0400
References: <199706120946 . CAA02272 @ dresden . com> <Pine . NEB . 3 . 96 . 970613065557 . 327A-100000 @ apocalypse . saturn . net>

Hello,

On Jun 13, Brian Mitchell wrote
> A firewall should not be a general host, and really should not have
> a significant number of users, so this sort of thing while effective on
> general hosts is really not effective on firewall hosts.

Yes, but you can assign 'daemon' users to subsystems or single daemons. A
good example is qmail which uses quite a few users and groups. If this is
done right you don't need world writeable directories on your firewall, you
can assign each subsystem a secured context (at least on the filesystem).
This is better than running everything as user nobody.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels @ Wittumstrasse13 . 76646Bruchsal . de --
 ( .. )  ecki @ {inka . de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @ irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy
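
The layout described in the message above (one account per daemon, no world-writable directories) can be audited on a host. The following shell script is an added example, not part of the original post: it lists world-writable directories under a tree and flags daemons that run as nobody or share an account. The daemon names, account names and directory layout are constructed samples.

```sh
#!/bin/sh
# Added example; every daemon name, account and path here is a constructed sample.

# Print directories under $1 that any local user can write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Read "daemon account" pairs on stdin. Report daemons running as nobody
# and any account that more than one daemon shares.
shared_accounts() {
    awk '
        $2 == "nobody" { print "generic account: " $1 " runs as nobody" }
        { n[$2]++; who[$2] = who[$2] " " $1 }
        END {
            for (a in n)
                if (n[a] > 1) print "shared account: " a " used by" who[a]
        }
    ' | sort
}

# Build a small constructed service tree and run both checks against it.
audit_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/spool/mail" "$tmp/spool/proxy" "$tmp/log"
    chmod 0755 "$tmp/spool" "$tmp/log"
    chmod 0700 "$tmp/spool/mail"    # writable by one daemon account only
    chmod 0777 "$tmp/spool/proxy"   # the shortcut needed when daemons share nobody
    echo "== world-writable directories =="
    world_writable_dirs "$tmp" | sed "s|^$tmp/||"
    echo "== account assignment =="
    printf '%s\n' 'smtpd mailin' 'queue mailq' \
                  'httpproxy nobody' 'ftpproxy nobody' | shared_accounts
    rm -rf "$tmp"
}

audit_demo
```

On a real host the account pairs would come from the process table or the service definitions rather than from an inline list.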

