Date: Sun, 19 Aug 2001 17:31:36 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "setantae" <setantae@submonkey.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: chroot'ing named(8)
Message-ID: <002e01c1290f$78a03ca0$1401a8c0@tedm.placo.com>
In-Reply-To: <20010819211426.A689@rhadamanth>
>-----Original Message-----
>From: setantae [mailto:setantae@submonkey.net]
>Sent: Sunday, August 19, 2001 1:14 PM
>To: Ted Mittelstaedt
>Cc: freebsd-questions@FreeBSD.ORG
>Subject: Re: chroot'ing named(8)
>
>
>On Sat, Aug 18, 2001 at 12:14:38PM -0700, Ted Mittelstaedt wrote:
>> One thing you might consider is that especially with nameservices, that
>> you really ought to be running the nameserver on a box that is completely
>> separate from all your other systems.  If the DNS goes away then the
>> entire network is junk.  By contrast failure of any other single server
>> won't take the network with it.
>>
>> Also, Internet regulations require a total of two nameservers, on separate
>> networks.  IMHO both should be protected by an access list on your border
>> routers that blocks off all ports not needed.  On top of that you should be
>> backing up the bind files regularly, and for all public servers you should
>> be following the patch notifications every day.  If you do all or most of this
>> then I think you will find that the need for running named in a sandbox is
>> greatly alleviated.
>
>Sorry, Ted but I fail to see how your reply addresses even one of the
>concerns raised in my original mail.
>
>I'm perfectly aware of the concept of a dedicated server and I do know the
>RFCs (I'm hostmaster for an ISP here in the UK).
>
>My point was that although I know how to do it, it's not documented anywhere,
>the steps in the handbook will not result in a working secondary nameserver,
>and it could be a lot easier.
>Also, the steps required are now available in the archives for this list.
>
>Are you saying that an extra layer of security is pointless, so chroot'ing
>named _should_ be hard?
>

What I'm saying is that _if_ you run multiple servers and you back up and you
apply security patches regularly as well as track what's going on in your
servers then the chances of an attack are tremendously reduced, and if one
does happen because an attack script is released at 2:00am and you don't
patch your server until 8:00am and in the meantime they broke in, well then
you have your backups.

Shall I turn the question on its head and throw it right back to you: Are
you saying that the extra layer of security is a requirement so the admin
can be lazy and never bother applying security patches?

Note that I didn't say that all those things make it so that a sandbox is
worthless.  I'm just saying that those things are what you're supposed to be
doing ANYWAY and if you do them then you may not need the extra effort and
security of a sandbox.

What's appropriate for a major ISP, especially one that makes a nuisance of
itself by sheltering spammers or other nasty things, is not always
appropriate for a tiny ISP with 100 customers stuck out in the middle of
nowhere behind a 56K link, or a corporation with 50 users, or an individual
with a network of 6 machines at home.  All 4 of those should be doing all
those things but I would say that the sandbox is really only going to
benefit the first one.  The smaller organizations don't have time to do
everything and so must pick and choose what they spend their manpower on,
and backups, regular patching and a recovery plan are much more important.
After all, systems can crash from lots of things not just attackers.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com