
Re: Linux firewall vs Windows and Hardware based firewalls



hi ya

On Sun, 3 Aug 2003, David Fokkema wrote:

> On Sat, Aug 02, 2003 at 09:16:54PM -0700, Paul Johnson wrote:
> > On Fri, Aug 01, 2003 at 09:04:50PM +0200, David Fokkema wrote:
> > > How large is the risk? If someone is able to crack your firewall box, how
> > > much more trouble is it to crack your DNS/DHCP/Squid server?
> > 
> > That has too many variables to properly answer for your case, and
> > there's not a particularly safe general answer.

=== assume that [h/cr]ackers have complete access to your fw, servers,
=== workstations ... and network 

=== now try to protect your data... it's a lot simpler problem to solve
    and well defined problem

--
-- assume, that someone, from the outside can always get in if they
-- wanted to spend the time, energy, effort  for fun or profit
--

a)  try to minimize the loss of data
	- assuming that the "company data" is important
		- r/d projects
		- company financials
		- h/r salary info/benefits
		....
		( keep all that sensitive info off of the internet )

	- machine should trust another machine ...
	(manually type password and pass phrase should always be required)
		- if they break one system, they might not be able to
		get into any other server

b)  make regular off line backups ... ( stuff that won't ever be erased )
	- never overwrite backups with another backup

c)  restore your "server" from backups to make sure it works
    by re-installing the latest linux distro from cdrom
	- bare metal restore w/ latest/greatest hardware and security
	  patches

d) once you detect a [h/cr]acker ... do NOT erase or overwrite anything

	cease all remote user and root logins and try to isolate what
	they have been watching and sniffing

	since you don't know how long the [cr/h]acker has been
	sniffing your network before you noticed them ...
	you don't know the integrity of your backups either

e) outside folks just need access to the "webserver" ...
	nothing inside the company 

f) if you allow vpn from home and wireless access to internal servers
   then you've got some serious "network security policy and enforcement"
   problems
	- you can't control the network of the user's home systems
	or their laptops

-- lots of security policy rules to create ... and enforce

most likely... all these "oh shit" will be an internal employee that
needs access to a server they shouldn't be trying to get into because
everybody else that could have given them the pwd or info is on
vacation, bz, forgot or ??

c ya
alvin


