Re: Unix Hardening for FW installation

From: Marcus J. Ranum (mjrat_private)
Date: Wed Oct 27 1999 - 18:13:07 PDT

Next message: Anton J Aylward: "RE: FW: BlackIce Defender???"

Previous message: Marcus J. Ranum: "Re: FW: BlackIce Defender???"
Maybe in reply to: brendon.b.taylorat_private: "Unix Hardening for FW installation"
Next in thread: Chris Boscolo: "Re: Unix Hardening for FW installation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Can anyone suggest resources or sites with info on securing a UNIX system
>for installation of a firewall.

I used to believe in "stripping" operating systems. Now I believe
in "building" them. Rather than removing what I think may be bad,
I prefer to start with a bootstrap loader and add the things I
need. :)

The NFR appliance (which I happened to do the first round of
system integration for) was built in the manner described above.
I took the bootstrap, added a kernel and filesystem, a minimum
of devices, and then coded my own version of init and everything
above kernel space.

Been bitten too many times by trusting other people's apps. No
shell, no password file, no /etc/fstab, no nothing equals nothing
to go wrong.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr

Next message: Anton J Aylward: "RE: FW: BlackIce Defender???"
Previous message: Marcus J. Ranum: "Re: FW: BlackIce Defender???"
Maybe in reply to: brendon.b.taylorat_private: "Unix Hardening for FW installation"
Next in thread: Chris Boscolo: "Re: Unix Hardening for FW installation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:35 PDT