[ale] OT: Firewall purchase

Jonathan Rickman jdr at xcorps.net
Thu Jul 22 15:31:25 EDT 2004


> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On 
> Behalf Of Christopher Fowler
> Sent: Thursday, July 22, 2004 12:56 PM
> To: Atlanta Linux Enthusiasts
> Subject: RE: [ale] OT: Firewall purchase
> 
> Maybe we should turn this into an educational discussion and 
> talk about ways to harden a Linux box being used as a 
> firewall and make it immune to the type of attacks listed in 
> this thread.

Linux running IPTables is already immune to all but the most complex types
of these attacks by virtue of the stateful packet inspection and
anti-spoofing behavior. It's just a matter of doing it. Bob's book is pretty
cheap and covers all that. We could discuss it till the cows come home
because there are so many possible configurations, but honestly the book
pretty much covers everything you need to know. You'd almost have to make a
conscious effort to make a fully patched Linux firewall vulnerable to the
attacks I brushed over earlier. Firewalls typically have three possible
areas of exposure, meaning that they themselves can be compromised...or the
network they protect can be accessed. I'll list them in order of how common
they are:

1) Misconfiguration - could lead to compromise of the network and possibly
the system but not necessarily both.
2) Inadequate Features - could lead to compromise of the network or in
extreme cases, the system.
3) Buggy code - could lead to compromise of the system itself, and likely
WILL lead to compromise of the network.

I'd say the breakdown is somewhere around 90% for number 1, 8% for 2, and 1%
for 3. The final 1% are things that can't be determined readily. The fourth
problem is vulnerability to DoS attacks, which could be a symptom of any of
the first three.

--
Jonathan
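The stateful-inspection and anti-spoofing behaviour Jonathan refers to above, written out as an added example that is not part of the original thread: a minimal two-interface IPTables ruleset in iptables-restore format, emitted for review and only loaded when the script is invoked with `apply`. The interface names, the LAN prefix and the choice to expose only ssh from the LAN side are assumptions.

```shell
#!/bin/sh
# Added example (not from the ALE thread): a minimal stateful, anti-spoofing
# iptables ruleset for a Linux box with one WAN and one LAN interface.
# Interface names and the LAN prefix are assumptions; adjust for your box.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

# Emit the ruleset in iptables-restore format so it can be reviewed before
# it is loaded (iptables-restore swaps the whole table in atomically).
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful inspection: only packets belonging to a connection conntrack
# already knows come back in; anything conntrack cannot classify is dropped.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Anti-spoofing: the WAN side must never present a LAN or loopback source,
# and the LAN side may only originate traffic from its own prefix.
-A INPUT -i $WAN -s $LAN_NET -j DROP
-A INPUT -i $WAN -s 127.0.0.0/8 -j DROP
-A FORWARD -i $WAN -s $LAN_NET -j DROP
-A FORWARD -i $LAN ! -s $LAN_NET -j DROP
# Loopback is allowed; the firewall itself answers only to ssh from the LAN
# and nothing listens toward the WAN. LAN hosts may open new flows outbound.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Kernel-side reverse-path filtering complements the netfilter anti-spoof rules.
sysctl_hardening() {
printf '%s\n' "net.ipv4.conf.all.rp_filter=1" "net.ipv4.ip_forward=1"
}

case "$1" in
  apply) gen_rules | iptables-restore && sysctl_hardening | while read -r kv; do sysctl -w "$kv"; done ;;
  *) gen_rules ;;
esac
```

Run it with no arguments to print the ruleset for review; `sh firewall.sh apply` as root loads it and sets the sysctls.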
