Firewall Wizards mailing list archives

Re: Securing a Linux Firewall


From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 13:48:07 -0700



> OK - as someone who seems to represent the "remove the executables" camp,
> can you explain your reasoning? I've never been able to understand _why_
> removing files buys you anything?
>
> (See my previous post for my strategy - castrate all privileged binaries,
> turn off all services, and turn logging to high)

Naturally there's the theory that 'anything you make available is another
potential vulnerability'.

I also like to remove unneeded executables (or rather the packages
(deb/rpm/etc) themselves in whole) because it makes it more annoying
to a cracker to need to upload programs like 'grep' when they're not
on the system.  Nuke 'ls' and see how many crackers will leave because
it's not worth the time.

But more importantly, any software that can be a daemon you should
remove.  Why?  Because when you update your software (rpm -F with
newest rpms, or apt-get update your debian box) it may turn that
program back on by default.  So why have it installed at all?


--
Brian Hatch                  "I see you are as
   Systems and                willful as ever."
   Security Engineer         "Far more, I've greatly
http://www.ifokr.org/bri/     improved, I've had
                              more experience."
Every message PGP signed
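
An added example, not part of the original message: a small shell audit for the point above about daemon-capable packages that an update may switch back on. It reads `package: /path` lines in the format `dpkg -S` prints and reports packages that ship an init script or systemd service unit but are not on an allowlist; the function names, the allowlist contents and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report packages that ship a daemon start script or service unit and are
# not on the allowlist. stdin: "package: /path" lines as printed by
#   dpkg -S '/etc/init.d/*' '/lib/systemd/system/*.service'
# $1: allowlist file, one package name per line, "#" starts a comment.
daemon_capable_unwanted() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        {
            i = index($0, ": /")            # separator before the path
            if (i == 0) next
            pkgs = substr($0, 1, i - 1); path = substr($0, i + 2)
            if (path !~ /^\/etc\/init\.d\// &&
                path !~ /^\/(usr\/)?lib\/systemd\/system\/.*\.service$/) next
            n = split(pkgs, p, /, */)       # one path may belong to several packages
            for (k = 1; k <= n; k++) {
                sub(/:.*/, "", p[k])        # drop ":amd64" style arch suffix
                if (!(p[k] in ok)) bad[p[k]] = 1
            }
        }
        END { for (x in bad) print x }
    ' | sort
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
openssh-server: /etc/init.d/ssh
sendmail-bin: /etc/init.d/sendmail
nfs-kernel-server: /lib/systemd/system/nfs-server.service
rsyslog:amd64: /lib/systemd/system/rsyslog.service
coreutils: /bin/ls
EOF
}

# Run the audit against a constructed allowlist of intended daemons.
audit_demo() {
    allow=$(mktemp) || return 1
    printf '%s\n' '# daemons this box is meant to run' openssh-server rsyslog > "$allow"
    sample_listing | daemon_capable_unwanted "$allow"
    rm -f "$allow"
}

audit_demo
```

Every package it prints is a candidate for removal rather than just disabling, since a later upgrade cannot re-enable a daemon that is no longer installed.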
