[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Is a firewall necessary with a RaQ?

Subject: Re: [cobalt-users] Is a firewall necessary with a RaQ?
From: rpenna@xxxxxxxxxxx
Date: Wed Nov 14 08:21:15 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

A robust firewall in front of your network can provide a lot of
benefits. I'll give an example of a customer of ours who was recently
hacked. The attacker got in and installed a sniffer. He setup an SSH server
running on port 8000 so he could get back in to the server. He then rm'ed
/bin/login and the normal sshd. So, the victim couldn't log in and had no
idea what was happening.

However, what the attacker soon learned, was the customer's firewall
didn't allow any traffic into port 8000. So, when he logged out to wait for
his sniffer to collect other neat information, the firewall effectively
blocked him from getting back in to retrieve his sniffer logs. It helped
from any other damage being done. It also gave me the logs to see where he
was coming from and contact the other parties whose networks were involved.

Not to mention other intangibles such as being able to partially
insulate from DoS attacks as well as filtering things such as Nimda
propogation and building a security skill set so you can make more money.
:)

Don't get me wrong, for a small business on a budget, shelling out 5-10
grand for something like Checkpoint Firewall-1 is impossible for alot of
people. But even something as simple as a PII-300mhz PC running OpenBSD
acting as your firewall can reap you some nice benefits. Total cost to you
is minimal, maybe a couple hundred bucks.

IMO, if you have Windows servers on your network as well, a firewall is
an absolute necessity. A "scratch the surface" document can be found here:
http://www.onlamp.com/pub/a/bsd/2000/07/05/OpenBSD.html

Yes, I'm an OpenBSD fan. Linux is also a viable platform. I prefer
OpenBSD because of its better track record in regards to security. Happy
playing. :)

Ron Penna
Systems Engineer
Netrica Inc.
phone: 716-340-1969
email: rpenna@xxxxxxxxxxx

Rusty Wilson
<rustyw007@xxxxxxxxx> To: cobalt-users@xxxxxxxxxxxxxxx
Sent by: cc:
cobalt-users-admin@list. Subject: [cobalt-users] Is a firewall necessary with a
cobalt.com RaQ?

11/13/2001 08:50 PM
Please respond to
cobalt-users

I cant imagine how many virtual groans my subject line caused, but I'm
not an expert in this area, and I am curious...

I know what the basic purpose of a firewall is, and I understand the
different types (application/proxy, packet filtering, hybrid). What I
am wondering is...

How much *additional* security does a firewall afford over a cobalt RaQ
with only "official" (i.e. from Sun support) packages installed?

Even with a firewall, good practice dictates that you shut down all
unnecessary services on your servers (whatever they may be). My
understanding of the internet "applicance" idea is that only the
necessary services are there in the first place - so I'm not sure what
I gain by adding a firewall.

Thanks!
Rusty

__________________________________________________
Do You Yahoo!?
Find the one for you at Yahoo! Personals
http://personals.yahoo.com

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- RE: [cobalt-users] Is a firewall necessary with a RaQ?
  - From: Dan Kriwitsky

Prev by Date: [cobalt-users] Raq2 memory: where?
Next by Date: Re: [cobalt-users] .US domain Help please
Previous by thread: Re: [cobalt-users] Is a firewall necessary with a RaQ?
Next by thread: RE: [cobalt-users] Is a firewall necessary with a RaQ?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index