transop at sympatico.ca
Sat Nov 30 12:11:10 EST 2002
On Sat, 30 Nov 2002 11:22:07 -0500
thus spake Tim Forbes <timforbes at canada.com>:
> Another thing you should consider with this approach is to actually
> REMOVE the services (i.e. binaries and associated configuration
> files) that are not needed from your firewall box. If you leave
> those services in place, but disabled, an attacker may find an
> exploit that allows them to switch those service on.
> Removing the services forces the hacker to go the extra, more
> difficult step, of installing software that he can use to exploit
> your box.
[gr] Here's something I've been wondering about: I connect through a
router/gateway with a built-in firewall. As well, I don't run any
services such as ftpd, httpd, telnet, or other such services. Do I
need to run a software firewall beside that? I'm running one
presently, but I wonder if that's necessary?
"Half the lies they told me aren't true!"
~ Yogi Berra
More information about the OCLUG