Re: nfs and firewall
On Sat, Sep 02, 2000 at 08:23:08PM -0500, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > Hai,
> >
> > I'm trying to secure my system, I ran pmfirewall and some tests.
> > It seems that rpc.mountd still listens on port 1024 even on the
> > outgoing ethernet.
...
> I would remove the nfs-server (or nfs-kernel-server, whichever you have
> installed) package. You don't need that package to connect to an NFS
> server; only if you're going to *be* the NFS server do you need it.
Okee, removed it.
> > local machine. In the end I also think of letting the firewall machine
> > act as a local mail and news server (is that deemed secure?).
>
> It can be a bad thing: I call having "too many" services on one system
> "too many eggs in one basket". I've seen situations in the past where an
> exploit in one piece of software will expose the entire system to the
> attacker, and let him/her gain access to all that computer offers.
agreed, but...
I only want to run it as a local service, not as a service to the net.
The reason being that my firewall is the only machine on 24/7, so it
seems the logical place to provide *local-only* services to my localnet.
But being new to this securing thingy I don't know whether such a setup
would compromise security, nor do I know how to disable internet
access to those services, and how rigidly that can be done. I've a lot
of reading to do:)
--
groetjes, carel