On 2 Mar 00, at 14:01, St. Dee wrote:

> I'll likely be moving to a cable modem soon and intend to install a
> machine to act as a firewall, likely a Linux box.

Linux is a Good Move ... certainly, in its default state, it's at 
least as secure (when used as a firewall) as anything emanating from 
a certain purveyor of operating systems based near Seattle. It's 
cheaper, too!

> Since it will be
> sitting there all day doing nothing other than screening stuff between my
> LAN and the 'Net, I thought I'd run mprime (if Linux) on it.

This sounds eminently sensible.

> Of course,
> all of the security gurus say to run nothing beyond the programs actually
> needed on the firewall box.

Hey, I'm a security guru of a sort ... the idea is not to run 
anything which gives crackers a toehold, or causes unacceptable 
throttling of the firewall throughput.

> Am I creating any security risks by running
> mprime on the firewall box?  I'm sure some of you must be doing
> that--noticed any problems?

Few of us know what code George has embedded in the code which 
computes the tag which PrimeNet uses to check that incoming results 
are genuine. However, this does not seem to present a major risk! 
Apart from that, what mprime does is very network friendly & seems to 
present an insignificant risk to operation of a firewall.

I've run mprime on an anonymous FTP server for almost 18 months & 
haven't had any incidents (yet). The basic rules are (a) always run 
mprime using "nice -n20" to give other processes all the CPU time 
they need; (b) never run mprime as root; (c) make it harder for any 
cracker who does get onto your system to exploit any weakness that 
may be in mprime by running it in a directory with no access to 
anyone except a user set up specially to run mprime. And make sure 
shadow passwords are enabled. Recent Linux distributions do this by 
default.

All this is virtually paranoia since I believe the risk posed by 
running mprime is practically nil - but it's good practice, anyway.

Regards
Brian Beesley
_________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ      -- http://www.tasam.com/~lrwiman/FAQ-mers
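
Rules (a) to (c) from the reply above, turned into a check that can be run on the firewall box; this is an added example, not part of the original message. It assumes Linux /proc and GNU stat, and the account name "mprime" and the path in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: audits rules (a)-(c) from the message above.
# Assumes Linux /proc and GNU stat; the account name "mprime" and the
# path /home/mprime/work in the usage line are hypothetical.

# Rule (c): directory owned by the dedicated uid, closed to everyone else.
audit_dir() {  # usage: audit_dir DIR EXPECTED_UID
    dir=$1; want=$2
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"; return 1
    fi
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $dir owned by uid $owner, expected $want"; return 1
    fi
    # Any bit in 077 means group or other can read, write or traverse.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is open to group/other"; return 1
    fi
    echo "OK: $dir mode $mode uid $owner"
}

# Rules (a) and (b), on values already read from /proc.
check_proc_values() {  # usage: check_proc_values EUID NICE
    if [ "$1" -eq 0 ]; then echo "FAIL: running as root"; return 1; fi
    # Linux clamps niceness at 19, so "nice -n20" shows up as 19.
    if [ "$2" -lt 19 ]; then echo "FAIL: nice is $2, expected 19"; return 1; fi
    echo "OK: euid $1 nice $2"
}

audit_proc() {  # usage: audit_proc PID
    st=/proc/$1
    [ -r "$st/stat" ] || { echo "FAIL: no process $1"; return 1; }
    euid=$(awk '/^Uid:/ {print $3}' "$st/status")
    # Drop "pid (comm) " first so a comm containing spaces cannot shift
    # the fields; nice is field 19 of stat, the 17th after the comm.
    ni=$(sed 's/^.*) //' "$st/stat" | cut -d' ' -f17)
    check_proc_values "$euid" "$ni"
}

# Usage: audit_dir /home/mprime/work "$(id -u mprime)" &&
#        audit_proc "$(pgrep -o -x mprime)"
```

Run from cron, a non-zero exit flags drift such as a restart from a root shell or a chmod that reopened the directory.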
