
Re: nfs and firewall



On Sun, Sep 03, 2000 at 06:01:09AM +0200, Sebastian Ritter wrote:
> On Sat, 2 Sep 2000, Carel Fellinger wrote:
> 
> > Hai,
> > 
> > I'm trying to secure my system, I ran pmfirewall and some tests.
> > It seems that rpc.mountd still listens on port 1024 even on the
> > outgoing ethernet.
'''
> You can find a lot of information on how to set up Firewalls in the
> IPCHAINS-HOWTO. You can find that document under http://www.linuxdoc.org/.

I know, I'm reading it. But it takes time to fully understand it:(

> Using the firewall as a mail and news server is extremely dangerous. The
> best firewall would be a dedicated machine which ONLY acts as a
> firewall and does nothing more. I think any company that's a little bit
> nervous about security should afford that.

I'm not a company:), and I never intend to provide internet services.
Those services are for the localnet only! I want them to get denied on
the external (internet) ethernet. I don't know yet whether that still
compromises security (I've a lot of reading to do:), so for the time
being I would appreciate a verdict from a more experienced person.
Do you think that even in the above situation local only mail/news
services are a bad thing? And is that because once you get cracked
the cracker has access to your local news and mail spool?

> It seems to me that you are very new to IP security. I'd strongly advise
> you to buy external support or read lots of related books, e. g. "Building
> Internet Firewalls 2nd Edition" by O'Reilly to gain the basic 
> skills. Otherwise it's very likely that you'll get cracked. ;-)

I've no money to spend on this, so I will have to read and read and read...
It's just that in the meantime I would prefer to have a safe machine:)
I understood from reading so far that as long as you don't expose any service
to the outside world you are safe, don't know for sure yet though.

-- 
groetjes, carel
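
An added example, not part of the original message: one way to check which listening sockets, such as the rpc.mountd on port 1024 mentioned above, are bound so that they accept traffic on the external interface. It assumes `netstat -ltunp` style output; the external address 203.0.113.5, the PIDs and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ltunp` output (addresses, PIDs and
# program list are made up for illustration).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:1024      0.0.0.0:*         LISTEN   312/rpc.mountd
tcp        0      0 192.168.1.1:25    0.0.0.0:*         LISTEN   401/sendmail
tcp        0      0 127.0.0.1:119     0.0.0.0:*         LISTEN   420/innd
tcp        0      0 203.0.113.5:113   0.0.0.0:*         LISTEN   350/identd
udp        0      0 0.0.0.0:1024      0.0.0.0:*                  312/rpc.mountd
EOF
}

# exposed_listeners EXT_IP: read netstat output on stdin and print
# "proto port program" for every listener bound to the wildcard address
# or to EXT_IP, i.e. every socket that accepts traffic arriving on the
# external interface unless a packet filter rule denies it first.
exposed_listeners() {
    awk -v ext="$1" '
        $1 !~ /^(tcp|udp)/ { next }               # skip header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP: listening sockets only
        {
            # Local address is field 4; the port follows the last colon.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # UDP rows have no State column, so take the program from $NF.
            if (addr == "0.0.0.0" || addr == "::" || addr == ext)
                print $1, port, $NF
        }'
}

# Run against the sample; on a live host:
#   netstat -ltunp | exposed_listeners <external-ip>
sample_netstat | exposed_listeners 203.0.113.5
```

Services bound only to the local network address or to loopback (sendmail and innd in the sample) are not listed, while the wildcard-bound rpc.mountd is, on both TCP and UDP.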


