Date: Sat, 06 Jul 2002 05:07:06 +0900 From: "Kim Okasawa" <kimokasawa@hotmail.com> To: _@r4k.net Cc: freebsd-security@freebsd.org Subject: Re: Any security issues with root's cron job? Message-ID: <F1208b12VqtpbGUyLCj00007ec6@hotmail.com>
next in thread | raw e-mail | index | archive | help
>From: Stephanie Wehner <_@r4k.net> >To: Kim Okasawa <kimokasawa@hotmail.com> >Subject: Re: Any security issues with root's cron job? >Date: Wed, 3 Jul 2002 16:48:37 +0200 > >Hi Kim, > > > Can anyone think of any potential security risks to such practice? > >Any suggestions and comments are greatly appreciated. Thank you! > >Not from the cronjob directly, however why would you want to change >your ipfw rule set according to time ? > >What I would check in this case is how your machine keeps time, >eg it must be rather accurate. Also, by getting timing information >from a remote ntp server for example would then mean you place your >firewall rules pretty much into their hands. > Hi Stephenie: Good thinking. You are absolutely right! The time should be rather accurate in order for this to function correctly. How about letting the server to run its ntp service? Clients who want to access to the server would have to sync with it if necessary. But this means that the firewall needs to open the ntp port and may create other problems. What I want is to create a virtual timed vault that only allow the world to access to certain services within a specific period of time. In my case, some services/ports don't need to be available to the public from 8PM-8AM. Closing those ports may mean less troubles. Any suggestion on how to deal with the ntp problem? Thanks. Best Regards, Kim _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F1208b12VqtpbGUyLCj00007ec6>