Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Nov 2001 01:35:24 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "FreeBSD user" <freebsd@XtremeDev.com>, "Lord Raiden" <raiden23@netzero.net>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Security trial for BSD firewall box.
Message-ID:  <009401c16b5d$5b0a0b40$1401a8c0@tedm.placo.com>
In-Reply-To: <20011111040355.D42368-100000@Amber.XtremeDev.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of FreeBSD user
>Sent: Sunday, November 11, 2001 3:13 AM
>To: Lord Raiden
>Cc: freebsd-questions@FreeBSD.ORG
>Subject: Re: Security trial for BSD firewall box.
>
>
>I know almost nothing about hacking. But what little I do know, know that
>firewalls only play a small part in securing a server. You can have the
>most well written firewall rule set that allows only smtp, and it can
>still be hacked. Hackers root a system not through the firewall rules, but
>through exploitable daemons. Run an smtp daemon that is unpatched and
>rootable, and you're leaving yourself wide open.

Not always.  Besides server security and firewalling, there's also the
question of network design.

In the example of a rooted smtp server, if that server was in a DMZ, and
users of it pulled mail via IMAP or POP, then if someone rooted it they
still should not be able to get from it to the inside network.  Sure the
e-mail could get compromised and they could install a trojan on the POP
daemon to acquire passwords, but if the users used different passwords for
POP then for interior access, you would still be pretty secure.


Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009401c16b5d$5b0a0b40$1401a8c0>