[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hacking a firewall

On Tue, 3 Aug 1999, Simon Martin wrote:

> Hi all,
> I have tendered for a few Internet/Intranet projects where I will be using
> Debian with Apache / sendmail / inn / etc to provide the necessary services.
> I have no problems with this, but I will also need to install a firewall,
> typical configuration (MZ, DMZ, World). I would like to use Debian here as
> well to keep everything on the same platform (do not read same host), but I
> come up against a distinct lack of knowledge, from a sales as well as a
> technical point of view:

You might consider subscribing the Debian Security Mailing List.
There are some plans to create a 'secure' Debian, but this won't happen
too soon.

> 1) Comparison of Debian Vs Firewall-1
> My major competition here is Firewall-1. Anyone know of any comparison of
> features / robustness / weaknesses?

This is impossible: Firewall-1  is a fixed product, Debian is a 
distribution. The security of the Debian box will mainly depend on
the knowlege of the person who configured it ( if done by some 
knowlegeable person it should be almost as secure as a firewall-1,
but security is hard to compare). In many situation Debian will even
be more secure (over here in Germany Firewall-1 sells with rather
weak encryption (thanks to the US goverment) and a Debian system will
easily outperform a Firewall-1 in terms of encryption strength).

> 2) VPN
> Is this available on Debian? Can I get the TCP/IP stack to encrypt / decrypt
> automatically? If so what encryption methods are available?

Yes, have a look at the FreeSwan project. The code installs easily and
supports most of the common encrytion types (but have a look at the
licence! In the US some of the enc. algorythms are patented in the US).

> 3) Hacking
> I am no hacker, and I need to become one to test my installations. Anyone
> know of resources (official or clandestine) that could help me in this
> respect. This actually could become quite a little niche market as I am sure
> that down here very few people really have the knowledge to test / debug
> firewall performance.
> I know that this last request is a very sensitive issue indeed. If any
> further documentation is required to insure the legitimacy of my request
> then please feel free to e-mail me.

Trying to hack your own boxes is NOT a valid test of security. The only
thing you test is your capability of hacking (i.e. if you can get in it
only shows that you're not a good hacker, it tells you nothing about the
quality of the system). You need a LOT of experience to judge security,
this is not a skill that can be learned from books. If your current project
requires security, please do consult a security consultant. You are right,
very vew people have the neccessary knowlege  and there is a lot of money
in this bussiness but it's also hard to keep up with the latest hacking
techniques--definitely timeconsuming.
If you need startup information, have a look at rootshell or bugtraq etc.
But don't expect people to answer questions like 'How do i become a hacker'.
Read up all available material on the websites and study bug reports.


|                                     |                             |==
| Ralf Mattes                         | rm@schauinsland.com         |==
| Programming, Administration         | rm@ns.aura.de               |==
| Thomas Varadi Internet Service      |                             |==
|                                     |                             |==

Reply to: