A guy I know has _everything_ locked down on his gateway box... It has AMSQ
running, but he has to use a floppy to transfer kernels..
> -----Original Message-----
> From: Steve Borho [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 05, 2000 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: OK, I think I'm ready.
>
> On Fri, May 05, 2000 at 08:13:43AM -0400, Burke, Thomas G. wrote:
> > It's actually quite common not to install one, especially on a
> > gateway/firewall machine... If there are more boxes inside, on the
> internal
> > netwok, then it is no problem to make a new kernel or build of whatever,
> &
> > move it to the gateway. See, if the firewall machine has no compiler,
> then
> > if someone _does_ break into the machine, then that person can compile
> no
> > malicious code.
>
> In that case you force them to ftp precompiled binaries onto your
> machine... it doesn't slow a cracker down much. One of the few ways to
> keep them from running malicious code is to mount all rw partitions as
> noexec and nosuid. But even this doesn't really help if the cracker roots
> you through a network daemon.
>
> --
> Steve Borho Voice: 314-615-6349
> Network Engineer
> Celox Networking Inc
>
> Fortune of the day:
> I learned to play guitar just to get the girls, and anyone who says they
> didn't is just lyin'!
> -- Willie Nelson
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
