[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: minimal mail config for firewall?

"C. Cooke" wrote:
> On Thu, 15 Jun 2000, Marcin Owsiany wrote:
> > Depends on your exact mail setup, I think. Maybe make a script that would
> > download the logs to some other box using scp and mail them locally then to
> > your account's mailbox. If you're downloading mail via POP to some other
> > box, you may do it via an ssh tunnel.
> Not the best way, I think... make a script that connects *to* the firewall
> with scp, and pulls the logs off it - if you have a script on the firewall
> that can automatically copy files to a remote site, then anyone who
> manages to get into the firewall automatically has a shell acount on that
> remote site... wheras with proper defensive programming, a script that
> pulls the data *from* the firewall remains safe, even if the data is
> tampered with.
> Of course, you then have a "free" account on the firewall, but if you
> create an RSA keyset that is *only* used for that *one* firewall, it
> should be secure.

Hmm... of course (once again) it does depend on your network

For example, I'm leaning towards the "glorified router" firewall, where
the firewall routes between the internet, a semi-public perimeter
network, and the internal network. Port redirection is used to map real
services into bastion hosts in the perimeter network. Therefore (correct
me if I'm wrong, I'm fat on literature and skinny on experience) the
most likely victims of an attack will be the bastion servers, not the
firewall itself. In fact, the firewall becomes the most important part
of the architecture, since it is preventing access to the (presumably
very insecure, all full of nfs and nis and smb oh my) internal network
from both the outside world and the semisecure perimeter network.

Kind of a "put all your eggs in one basket, but make a very good basket"
design. You only need one or two user accounts on the firewall, and can
really restrict root access. You don't run any services other than
perhaps sshd. So in that case, you would want absolutely no access info
stored on the bastions, but having access info stored on the firewall
would probably be ok - after all, if they've broken into the firewall
they have full network access (sniffers etc.) anyway.

On the other hand, if your firewall also serves as the bastion server
and runs daemons, then your strategy makes more sense.


Paul Reavis                                      preavis@partnersoft.com
Design Lead
Partner Software, Inc.                        http://www.partnersoft.com

Reply to: