Why advocating Linux can be an uphill battle...
Chris Brenton
cbrenton at chrisbrenton.org
Thu Apr 24 15:57:02 EDT 2003
Travis Roy wrote:
>>The Linux router was pulled and these
>>"professionals" decided that they should just plug the DSL modem directly
>>into a 16 port hub!
>
> Just wondering.. Why is this so bad? If a person is up on their patches they
> should be mostly fine.
It really depends on the person doing the locking down. IMHO patching is
never enough. There are still other issues of concern like password
strength, system config, etc. For example it amazes me how often I still
see network.vbs bouncing around. The only way it can get you is if you
are running a Win9x system with "C" shared read/write w/no share password.
Not doing any of this stuff is security 101 and yet most people miss it.
Don't even get me started on the null session stuff, default OS
installs, etc. etc. that also make it trivial for an attacker to break in.
Now, with all that said, I'm not exactly saying "every IP address on the
Internet must be protected by a firewall". I do a lot of teaching for
SANS and one of the things I preach heavily is that the level of
required security is in direct relation to business need. If it's no big
deal for your home system to get whacked, your Quicken files to be
downloaded, your hard drive to get nuked, to find out some script kiddie
has turned your system into a Warez site, or whatever, then life is
cool without any protection beyond simple patching.
> Before all this broadband most people were directly
> connected to their internet.
My first "firewall" was a Cisco router running IOS 9.x with simple
packet filtering. Of course back then seeing a single FTP sweep of your
address space was a big deal and 9 times out of 10 contacting the Admin
for the remote domain would result in the person getting disconnected.
Needless to say the landscape today is a wee bit more hostile. ;-)
> Sure it was on a dialup but they had an IP and
> it's not like an exploit is bandwidth intensive.
From a script kiddie perspective dial-ups are bad IPs to "own" as they
are not always on, can't push a lot of traffic when they want to do a
DDoS, and could go on/off line at different IPs making them hard to
find. Better to own an IP like a broadband connection.
> Now everybody seems to
> totally freak out when they're not behind some kind of "broadband router" or
> "personal firewall". Even now, most people with DSL or cable modems, unless
> they have more than one computer, are connected right to the device.
IMHO with good reason. "In the old days", most attacks originated from
universities as the IPs were not very closely monitored. Today it's
broadband/DSL in the lead as they are monitored (on average) even less.
HTH,
C