[plug] MS vulnerability
Craig Ringer
craig at postnewspapers.com.au
Fri Aug 15 17:16:33 WST 2003
>> As for the best firewall choice: Debian :-)
>
> Debian didn't stop GNU's web server from being gotten into :)
FTP server - therein, I suspect, lying the problem.
Also, the firewall is likely to be configured as an ultra-cut-down
system (which debian is great at, probably best save for DIY distros)
and needs to be stable and tested but not overly featureful (Debian
again). In fact, I'd be strongly inclined to make such a firewall a
transparent bridge with packet filtering - unacceptable packets just get
'eaten by the wires' but everything known clean just goes through as if
the firewall was never there. The firewall's interfaces don't even have
IP addresses.
Of course, if you wanted to be /seriously/ paranoid you'd then drop
OpenBSD into it instead - because that OS is certainly well tested and
AUDITED, and if you don't need to add extra software it might do the job
well. Assuming you're comfortable with BSD, the BSD packet filter, etc.
I have a hard time keeping up with all the OSes I have to already, and
just don't need another one...
> It doesn't say in the article that it's Debian, but a quick check with
> Netcraft's "Whats that web server running?" tool shows that it is.
Interesting. Guess it should've been running "The HURD" :-P *lol* . It's
hard to break into something that doesn't actually work...
Craig Ringer