Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Firewall security audit report


On Wed, Feb 28, 2001 at 10:15:13AM +1100, Umar Goldeli wrote:
> > Removing binaries just means the attackers have to get them in via
> > some other means.
> 
> Indeed. You're buying time. Time is good. If your attacker can't readily
> telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to try
> much harder. And what also happens if there's no compiler on the box? 

There's no C compiler (but they could upload bins I suppose) but there is
perl, I'll have to check if perl is needed.

> Better yet, your border router ACLs do not allow connections ORIGINATING
> from your firewall outbound?

Unfortunately, at the moment it has a proxy running.

> Agreed thoroughly about the turn off all listening services bit. :)

Sorry, did you say something?

> As for logging - the safest way to keep logs is to have a serial printer
> attached to your console and dump it all on to paper and focus on physical
> security of the box. Do what the military does... not very practical, but
> once written, your logs are there forever. ;)

Printers run out of paper (printer DoS); with some printers you can reverse
the paper back and write over stuff, making it unreadable.

-- 
	chesty