Date: Mon, 12 Nov 2001 01:35:24 -0800 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "FreeBSD user" <freebsd@XtremeDev.com>, "Lord Raiden" <raiden23@netzero.net> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: Security trial for BSD firewall box. Message-ID: <009401c16b5d$5b0a0b40$1401a8c0@tedm.placo.com> In-Reply-To: <20011111040355.D42368-100000@Amber.XtremeDev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of FreeBSD user >Sent: Sunday, November 11, 2001 3:13 AM >To: Lord Raiden >Cc: freebsd-questions@FreeBSD.ORG >Subject: Re: Security trial for BSD firewall box. > > >I know almost nothing about hacking. But what little I do know, know that >firewalls only play a small part in securing a server. You can have the >most well written firewall rule set that allows only smtp, and it can >still be hacked. Hackers root a system not through the firewall rules, but >through exploitable daemons. Run an smtp daemon that is unpatched and >rootable, and you're leaving yourself wide open. Not always. Besides server security and firewalling, there's also the question of network design. In the example of a rooted smtp server, if that server was in a DMZ, and users of it pulled mail via IMAP or POP, then if someone rooted it they still should not be able to get from it to the inside network. Sure the e-mail could get compromised and they could install a trojan on the POP daemon to acquire passwords, but if the users used different passwords for POP then for interior access, you would still be pretty secure. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009401c16b5d$5b0a0b40$1401a8c0>