Shorewall for web server?

Tim ignored_mailbox at yahoo.com.au
Wed Dec 28 15:27:23 UTC 2005


On Wed, 2005-12-28 at 21:49 +0800, John Summerfied wrote:
> I've seen a couple of cracked boxes. The first thing the intruders did
> was install their own server, an IRC bot. It was licenced under the
> GPL, and they complied with the licence, giving me the source code to
> it.
> 
> It's true the boxes had servers on them: one needs ssh for remote 
> maintenance, and it's the nature of useful server (boxes) that they
> run server software on them, but the intruders didn't use the existing
> servers except to gain entry.

And how did they crack your box, and install stuff on it?  It'd be an
exploit of a *service* of some kind.  If there was no service on the
firewall (the only machine that they can directly access), then they
couldn't install anything on it.  They have to have something to
exploit.

> The protection offered by a firewall against incoming attacks is
> vastly overrated.

That's for sure, particularly if people believe that just having one
protects them without any effort on their behalf, or that it's an
absolute protection.  As I said, it's just another step towards greater
security.

But a real, firewall-only, device between you and them does what the
word suggests.  It's a hardy object that they can't do much to, and
makes it difficult to do anything beyond it.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



