
RE: [cobalt-users] Portsentry and Hacked?



On Fri, 23 Feb 2001, John Cordeiro wrote:

} Not if Portsentry was installed properly.

	I'm sorry, this is not correct. I have portsentry installed
on all of our boxes and we haven't had a problem either. But that
doesn't change the capabilities of portsentry.

	The author himself, perhaps, explains things best right in
the beginning of the README.install file when he specifically states
that portsentry is part of a suite of intrusion DETECTION tools which
are intended to provide a system admin with a "Heads Up".

	Nowhere in the documentation can I find anything that would
even remotely lead me to believe that portsentry is intended to or
capable of protecting a server from being exploited. Quite the
contrary in fact: in the first paragraph of the last section of the
README.methods file the author clearly warns users of the fact that
portsentry can and does provide savvy crackers with information that
sometimes can be used to find ways to exploit a host.

	tcp wrappers, on the other hand, has a different focus: while
it is not a full fledged intrusion PREVENTION system, reading its
README and comparing what it says to what portsentry's says
should clear things up a bit. Interestingly enough, portsentry
includes code that makes use of tcp wrappers' intrusion prevention
capabilities.

	Therein lies the secret of a secure system. Portsentry does
what it does, logcheck does what it does, tcp wrappers does what it
does, tripwire, fcheck etc. do what they do, ipfwadm or ipchains do
what they do... put them altogether, keep your Cobalt updated, use
secure passwords, watch your box closely and try your best to do
everything right and you've got a much better chance of not being
cracked.

	Unfortunately there are no absolutes. Nobody, no single
product and no combination of products can guarantee that your
server can not be exploited.

	Congratulations on managing servers so well that they have
so far survived the exploits. For that you have my respect, but I'd
bet that you've either been diligently updating your servers,
keeping a close watch over them and all the while investing
the time to learn what you need to know to keep them running fast
and true, and/or that you know a lot more than your message
might lead one to believe, and thus there is much much more to the
security blanket that you so well crafted than just a portsentry
installation.

	I'm not trying to rain on anyone's parade here. Installing
portsentry is a very very good idea and it does indeed substantially
increase the security of your servers. But thinking that it will
prevent them from being cracked is a very very bad idea.