Why advocating Linux can be an uphill battle...

Chris Brenton cbrenton at chrisbrenton.org
Thu Apr 24 15:57:02 EDT 2003


Travis Roy wrote:
>>The Linux router was pulled and these
>>"professionals" decided that they should just plug the DSL modem directly
>>into a 16 port hub!
> 
> Just wondering.. Why is this so bad? If a person is up on their patches they
> should be mostly fine.

It really depends on the person doing the locking down. IMHO patching is 
never enough. There are still other issues of concern like password 
strength, system config, etc. For example, it amazes me how often I still 
see network.vbs bouncing around. The only way it can get you is if you 
are running a Win9x system with "C" shared read/write w/no share password. 
Not doing any of this stuff is security 101 and yet most people miss it. 
Don't even get me started on the null session stuff, default OS 
installs, etc. etc. that also make it trivial for an attacker to break in.

Now, with all that said, I'm not exactly saying "every IP address on the 
Internet must be protected by a firewall". I do a lot of teaching for 
SANS and one of the things I preach heavily is that the level of 
required security is in direct relation to business need. If it's no big 
deal for your home system to get whacked, your Quicken files to be 
downloaded, your hard drive to get nuked, to find out some script kiddie 
has turned your system into a Warez site, or whatever, then life is 
cool without any protection beyond simple patching.

> Before all this broadband most people were directly
> connected to their internet.

My first "firewall" was a Cisco router running IOS 9.x with simple 
packet filtering. Of course back then seeing a single FTP sweep of your 
address space was a big deal and 9 times out of 10 contacting the Admin 
for the remote domain would result in the person getting disconnected.

Needless to say the landscape today is a wee bit more hostile. ;-)

> Sure it was on a dialup but they had an IP and
> it's not like an exploit is bandwidth intensive.

From a script kiddie perspective dial-ups are bad IPs to "own" as they 
are not always on, can't push a lot of traffic when they want to do a 
DDoS, and could go on/off line at different IPs making them hard to 
find. Better to own an IP like a broadband connection.

> Now everybody seems to
> totally freak out when they're not behind some kind of "broadband router" or
> "personal firewall". Even now, most people with DSL or cable modems, unless
> they have more than one computer, are connected right to the device.

IMHO with good reason. "In the old days", most attacks originated from 
universities as the IPs were not very closely monitored. Today it's 
broadband/DSL in the lead as they are monitored (on average) even less.

HTH,
C
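The post's point is that a fully patched box can still be trivially exposed by configuration: a Win9x host sharing "C" read/write with no share password (the only way network.vbs gets in), or a host that permits null sessions. As an added illustration that is not part of the original message or any tool it mentions, the script below audits a small inventory for exactly those conditions, independent of patch level. The inventory records and their field layout (`os`, `patched`, `null_sessions`, `shares`) are constructed sample data for this example, not the output of any real enumeration tool.

```python
"""Added example (not from the original post): flag hosts whose share or
session configuration exposes them even when they are fully patched."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Share:
    name: str
    writable: bool
    password: Optional[str] = None  # None or "" means no share-level password


@dataclass
class Host:
    name: str
    os: str
    patched: bool
    null_sessions: bool
    shares: List[Share] = field(default_factory=list)


def is_win9x(os_name: str) -> bool:
    # Windows 95/98/ME use share-level security: the share password (or the
    # lack of one) is the only access control on the share.
    return os_name.lower().startswith(("windows 95", "windows 98", "windows me"))


def host_findings(host: Host) -> List[str]:
    """Return the configuration problems found on one host.

    Patch state is reported too, but it is deliberately only one finding
    among several: the other checks fire regardless of patch level."""
    findings: List[str] = []
    if not host.patched:
        findings.append("missing patches")
    if host.null_sessions:
        findings.append("null sessions permitted (anonymous user/share enumeration)")
    for share in host.shares:
        open_share = share.writable and not share.password
        if open_share:
            findings.append(f"share '{share.name}' is writable with no password")
        # The specific precondition the post describes for network.vbs.
        if open_share and share.name.upper() == "C" and is_win9x(host.os):
            findings.append(
                "network.vbs precondition met: Win9x, 'C' shared read/write, no password"
            )
    return findings


def audit(hosts: List[Host]) -> Dict[str, List[str]]:
    return {h.name: host_findings(h) for h in hosts}


def exposed_but_patched(hosts: List[Host]) -> List[str]:
    """Hosts that are up to date on patches yet still have findings."""
    return [h.name for h in hosts if h.patched and host_findings(h)]


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_HOSTS = [
    Host("accounting-pc", "Windows 98", patched=True, null_sessions=False,
         shares=[Share("C", writable=True, password=None)]),
    Host("fileserver", "Windows 2000", patched=True, null_sessions=True,
         shares=[Share("public", writable=False, password=None)]),
    Host("laptop", "Windows 98", patched=False, null_sessions=False,
         shares=[Share("C", writable=True, password="s3cret")]),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_HOSTS).items():
        print(f"{name}: {findings or 'no findings'}")
    print("patched but still exposed:", exposed_but_patched(SAMPLE_HOSTS))
```

Running it shows "accounting-pc" and "fileserver" as patched but still exposed, while the unpatched "laptop" has only the patch finding because its share is both passworded and not the worm's target configuration. The same structure extends to any other "security 101" check (default install accounts, blank admin passwords) by adding a branch to `host_findings`.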

More information about the gnhlug-discuss mailing list