On Wed, Mar 24, 2004 at 07:09:43AM -0700, Jason Becker wrote: > [EMAIL PROTECTED] wrote: > > >>Another topic of interest is securing the box itself. Does a firewall > >>(hardware outside of the box or a linux based firewall) suffice the need? > >> > >> > > > >Depends what you are protecting against. If you want to assume some > >services are > >exploitable, you could try to break some of the exploits by firewalling > >off all ports not used, and prevent all outgoing connections from your box > >except for ports you use on that box. If you use netfilter, you can create > >rules that > >apply to user-ids as well, so you could allow asterisk more privileges. > > > > > > > Nessus (http://www.nessus.org/) is a great vulnerability assessment tool > one can use to determine if services are exploitable. >
How, pray tell, does it tell you that services are vulnerable when the information about the security hole isn't public knowledge? (unless, of course, you take microsofts stance, where security issues don't exist until they patch them, which of course is a flawed example, because they could secure peoples machines by not releasing patches.) The approach I was talking about was mitigiating and prehaps breaking used exploit code by enforcing "application behaviour". (For lack of a better term for the moment.) Also, relying on a (single) tool to tell you if you are vulnerable to something will lead you into a false sense of security. > Cheers > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users Thanks, Andrew Griffiths _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
