[NTLUG:Discuss] A Vulnerability question
Jim Wildman
jim at rossberry.com
Mon Oct 8 10:25:59 CDT 2001
1 & 2. No. Matter of fact I deinstall A LOT of stuff from my firewall
and even from the other boxes. All the r* stuff, lpd, telnetd, etc.
If it ain't installed, it ain't vulnerable!
3) Depends. If you firewall off the port and that is the only port
the vulnerable program listens to, then you are not vulnerable
(assuming the firewall really works). If you have to run the program
and it has to be visible to the Internet, then you are vulnerable.
Careful reading is in order. A large proportion of the security
notices are for LOCAL exploits, i.e., someone other than root on the
same box can do bad things. If there are only 2 accounts on the
firewall (root and you), and you disallow logins from anywhere except
trusted locations (i.e., inside the firewall)... then you are much less
vulnerable. I always disallow root ssh from the outside.
------------------------------------------------------------------------
Jim Wildman jim at rossberry.com
On Mon, 8 Oct 2001, Dennis Myhand wrote:
> Okay, I realize this may be a very simplistic sounding question, BUT...
>
> Whenever there is a vulnerability announced, such as for BIND, or
> another such program (Like everything on my wife's Winderz machine), am
> I vulnerable if I,
>
> 1.) Am not running that program, like not even configured but on my
> system?,
>
> 2.) Am running a firewall and not running that program, same situation
> as 1?,
>
> 3.) Or am simply running a firewall with that program running?
>
> TNX, Dennis in Victoria
>
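Added example, not part of the original thread: the reply's reasoning (not installed, local versus remote exploit, listening port, firewalled port) written as a triage check over `ss -H -tln` output. The `Advisory` record, the function names, the result strings and the sample socket listing are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `ss -H -tln` output; not taken from a real host.
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 0.0.0.0:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:5353 0.0.0.0:*
"""

@dataclass
class Advisory:            # hypothetical record for one security notice
    package: str
    remote: bool           # False = LOCAL exploit (needs an account on the box)
    port: Optional[int] = None

def external_ports(ss_text):
    """Return the TCP ports bound to a non-loopback address."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets, scope id
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue                            # loopback-only listener
        ports.add(int(port))
    return ports

def triage(adv, installed, ss_text, fw_blocked, shell_users):
    """Classify one advisory for one host, in the order the reply gives."""
    if adv.package not in installed:
        return "not vulnerable: not installed"
    if not adv.remote:
        others = set(shell_users) - {"root"}
        return ("local exploit: review accounts " + ",".join(sorted(others))
                if others else "local exploit: no non-root accounts")
    if adv.port not in external_ports(ss_text):
        return "installed but not listening externally: remove or patch"
    if adv.port in fw_blocked:
        return "shielded only if the firewall really works"
    return "exposed to the Internet: patch now"
```
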