
Re: harden-debian script?

Just how would "chmod go-r /etc/bind/*" imply that I "only want to protect
from script kiddies and neglect other attackers?"  If an attacker manages
to get shell on my firewall, I don't want to just hand him a map of my
internal network.  I'll force him to sniff (an activity I'll likely notice
and stop).

Why all the philosophical rhetoric?

	- Scott

> But what actually does it give you? It protects you from cracker-wannabes
> who see that if there is an 'X' line in your /etc/inetd.conf, then it's time
> to run exploit 'Y'.
> This gives you a false sense of security, unless you only want to protect
> from script-kiddies while neglecting other attackers. But since you say this
> is to be 'one step in a larger security plan', then I really don't
> understand what it gives.
> regards
> Marcin
> -- 
> +--------------------------------+ The reason we come up with new versions
> |Marcin Owsiany                  | is not to fix bugs. It's the stupidest
> |porridge@pandora.info.bielsko.pl| reason to buy a new version
> +--------------------------------+ I ever heard.            - Bill Gates
