Firewall Wizards mailing list archives

Re: X server in a Firewall

From: Peter Bruderer <brudy () bruderer-research com>
Date: Wed, 25 Jan 2006 08:51:12 +0100

On Tue, 2006-01-24 at 19:57 -0800, John M wrote:


But what do you think about a _local_ GUI
administration (via X window) in a firewall?

My question was: what is better (or worse), taking in
account the GUI requeriment: a local X window server
running in the firewall, to be managed localy(that is,
no remote access)  or a web server, ssh based system
or another port based in a proprietary protocol, to be
managed remotely? 

Or rephrasing the question: which is riskier?


Software has bugs.

Having X Windows running on a firewall opens a big risk of local
exploits. What's not installed can not be hacked and does not need to be
maintained.

If you cannot manage the firewall without the local GUI, maybe you
should get another product.

There are enough good products, which do not need a local GUI to
administrate the firewall and do not run on a simple not even hardened
version of Linux or FreeBSD.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: X server in a Firewall, (continued)
- Re: X server in a Firewall Paul D. Robertson (Jan 24)
  - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Brian Loe (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Chuck Swiger (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Peter Bruderer (Jan 25)
  - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - RE: X server in a Firewall Ben Nagy (Jan 24)
    - RE: X server in a Firewall Cat Okita (Jan 25)
    - Re: X server in a Firewall Carson Gaspar (Jan 25)
    - Re: X server in a Firewall ArkanoiD (Jan 25)
- RE: X server in a Firewall Martijn Berlage (Jan 27)