Snort mailing list archives
RE: SNORT (Linux) / MySQL (Win32)
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 25 Mar 2004 12:56:17 +0000
--On 12 February 2004 11:54 -0800 robert schwartz <robert () mrsquirrel com> wrote:
Second, please tell me you don't have a compiler on the firewall! If you do, remove it. A firewall should be just a firewall, and having a compiler on it opens up all kinds of Evil Things should the box ever be compromised. The theory is that an Evil Cracker can download and compile all sorts of
Including downloading a compiler and compiling anything they want, or compiling binaries on any machine in the world and downloading them. Or just using RPMs they downloaded. If they can download then they can download things like compilers and pre-compiled binaries and even RPM packages to install compilers.
Certainly, but the goals in removing unnecessary (and development) tools from hardened machines are twofold:
1) to prevent them being used by crackers to escalate their privileges from a normal user to root or equivalent.
2) to raise the bar such that, hopefully, the cracker will move on to someone else's machine that /does/ have the development tools installed (analogous to fitting an alarm to your car or house - it won't stop a determined thief, but it might cause an opportunist thief to pick your neighbours' property as his target instead of yours).
As ever, though, there's a trade-off between usability (administration, upgrades and debugging) and security which should be considered. If removing the dev tools, or rpm, or dpkg, or tar, or whatever makes it less likely you'll keep critical packages up-to-date, removing them is probably a Bad Thing.
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9