I am asking because I simply want to know.. I am not asking to try to be hard on anyone..
Here is my thing with that, depending on what and how your hacked, once your behind the firewall, you pretty much have access to everything. Very few networks I know of shield the internal workings from the firewall. Hell, I have seen people here admit, like me, once a hacker is behind the firewall, you pretty much have free access to the rest of the network. Obviously, since each computer in my network would need different ways of getting in unless they are using some kind of kernel in, there is no firewall either. I know for a fact people on here could ssh to another machine without a password.. ;) I have seen them ask how to do it. So my question still stands.. once you have someone behind the firewall, what are you really going to be able to do UNLESS you firewall each computer. That becomes a nightmare since your having to configure firewalls every time you want to do something, and I know I am not the only one that doesn't want to be doing that. My work uses sub nets so if they got on the firewalled server, they wouldn't be able to get far since there are no routes past that. But I am sure no one does that at home. But they would get the app servers and db.. > On Tue, Nov 04, 2003 at 09:43:46AM -0600, Jeffrey Smelser wrote: > > [snip] > > Thats because the theory goes, if something happens to one > of your partitions, your not having to fix the entire drive.. > Also, you can then mark usr as read only, and eliminate many > of the root kits. > > > > But then, I hear many times your firewall computer > shouldn't run any services.. Yet I still have not gotten and > answer on how forwarding a port to another machine alleviates > getting hacked.. > > > > I'm not a security guru, but I think the point is to make sure the > *firewall* isn't hacked. An uncompromized firewall may limit what an > attacker who's compromized a server behind that firewall can do. > > But a server visible to the outside world is probably not any safer > from outside attack whether it's behind a firewall or not. > > But as I said, I'm not a security guru. If I'm wrong, I'm sure > someone will point it out. -- [EMAIL PROTECTED] mailing list
