SLUG Mailing List Archives
Re: [SLUG] Firewall security audit report
- To: SLUG Mailing list <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] Firewall security audit report
- From: chesty <chesty@xxxxxxxxxx>
- Date: Wed Feb 28 18:27:01 2001
- User-agent: Mutt/1.3.12i
On Wed, Feb 28, 2001 at 10:15:13AM +1100, Umar Goldeli wrote:
> > Removing binaries just means the attackers have to get them in via
> > some other means.
> Indeed. You're buying time. Time is good. If your attacker can't readily
> telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to try
> much harder. And what also happens if there's no compiler on the box?
There's no C compiler (but they could upload bins I suppose) but there is
perl, I'll have to check if perl is needed.
> better yet, your border router acls do not allow connections ORIGINATING
> from your firewall outbound?
Unfortunately, at the moment it has a proxy running.
> Agreed thoroughly about the turn off all listening services bit. :)
Sorry, did you say something?
> As for logging - the safest way to keep logs is to have a serial printer
> attached to your console and dump it all on to paper and focus on physical
> security of the box. Do what the military does... not very practical, but
> once written, your logs are there forever. ;)
Printers run out of paper (printer DoS); with some printers you can reverse
the paper back and write over stuff, making it unreadable.