
Re: [cobalt-security] Using a separate machine for firewalling.



Hi shimi,

> Now tell me, what bothers him (I still don't understand how will he
> connect if no services are running at all, and no terminals on the system
> at all) - but - in case that he somehow does - what bothers him just
> dumping a compiled binary and run it? :-)

> Don't tell me, you erased ch* too ;-)

Tadaaaa. :o) There you got the difference between a CD-driven firewall and 
one which runs on a read-write environment like a hard disk <g>. That is 
exactly the Achilles heel. You can just look at a binary in vi and then copy 
and paste it to the target system if it has the same architecture.

On the other hand: When you run the OS off the CD and you got some memory to 
burn, what about creating a RAMdisk and using that for the storage of 
hacker-binaries? 

There will always be ways to make bad things happen once someone has dodged 
all the defenses and got root access. But with the proper setup you can make 
that so darn difficult that it's quite a challenge. Like denying all 
incoming traffic originating from the outside, or with stateful inspection 
of packets, which is also quite helpful. 

Professional solutions for high risk targets usually include several 
firewalls which supervise and control each other. So if someone penetrates 
the first, outer firewall, then the next in line will notice this and will 
then shut down the compromised one. I think the freely available SINUS 
adaptive firewall operates along those lines, too. 

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber

 Stauber Multimedia Design ____ Phone:  +49-6081-946240
 Eppsteiner Weg 9 ___  D-61267 Neu-Anspach ___ Germany
 SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM