Re: Hacking a firewall
----- Original Message -----
From: Simon Martin <firstname.lastname@example.org>
To: Debian-Firewall List <email@example.com>
Sent: Tuesday, August 03, 1999 9:48 AM
Subject: Hacking a firewall
> 1) Comparison of Debian Vs Firewall-1
> My major competition here is Firewall-1. Anyone know of any comparison of
> features / robustness / weaknesses?
FW-1 Uses stateful inspection, which is way more secure then the packet
filtering techniques of ipchains and others. It's not right to compare
between the two, because the question is cost-effectiveness. FW-1 is must
more full-featured/robust/strong, etc but costs 5 digits to buy.
> 3) Hacking
> I am no hacker, and I need to become one to test my installations. Anyone
> know of resources (official or clandestine) that could help me in this
> respect. This actually could become quite a little niche market as I am
> that down here very few people really have the knowledge to test / debug
> firewall performance.
Download a security scanner (www.nessus.org is an excelent security scanner)
and run it against your box. Remember, though, that testing yourself is
always problematic, especially if you're not familiar with security. Join
bugtraq and debian-security, search for firewall setup guidelines and take a
look at the latest ipchains exploit (which might change your mind about
ipchains vs. FW-1):
"Addicted to Chaos"
Time is a great teacher, but unfortunately it kills all its pupils.
- Hector Berlioz, "Almanach des lettres francaises"