Run Your Firewall Halted for Extra Security

← Back to Stories (view on slashdot.org)

Run Your Firewall Halted for Extra Security

Posted by michael on Friday February 8, 2002 @04:27AM from the neat-trick dept.

n8willis writes: "There's a great article over at the SysAdmin magazine site that presents a unique approach to improving network security: run your firewall in a halted state. This means runlevel 0; no processes running and no disks mounted, but with packet filtering still on. The author heard a rumor of this capability in the 2.0 series kernels, and he's managed to get it working in 2.2 as well."

11 of 390 comments (clear)

Works for me... by Rorschach1 · 2002-02-08 04:31 · Score: 4, Funny

Though I usually just use the power switch. Can't beat a powered-off firewall for security.
1. Re:Works for me... by Jonny+Ringo · 2002-02-08 05:52 · Score: 2, Funny
  
  I actually just light mine on fire. It just makes sense, than once the fire catches to the cords I know I'm secure.
Even better...:) by RampagingSimian · 2002-02-08 04:33 · Score: 1, Funny
- Run your system in a halted state; lemme see Joe Scr1pt0r root that!.
- Post a link that says "Hack my l33t firewall!" [as seen in a clever .sig].
:D
better still.. by Hooya · 2002-02-08 05:17 · Score: 2, Funny

is the system i have at home. i look at each incoming packet on paper and then pass it on the the lan if it looks legit. the only way to punch a hole in the firewall is with a shotgun at my belly..
Old news by pHalec · 2002-02-08 05:22 · Score: 2, Funny

Bah, I've got an old Pentium with some faulty memory that crashes on a regular basis.

It's been reliably packet-forwarding for me for over a month with a kernel-oops on screen.
Re:Logging? - syslog by JimR · 2002-02-08 05:23 · Score: 2, Funny

As other people have pointed out there will be no
syslog running in runlevel 0.

I guess you could always run the video out into
a VCR... or use a serial console and a line printer.

--
#exclude <ms/windows.h>
Re:Another way by Anonymous Coward · 2002-02-08 05:51 · Score: 1, Funny

I keep my computer secure by keeping it powered down.
But... by Klowner · 2002-02-08 05:52 · Score: 3, Funny

Then how would I telnet to my firewall from school?

*dodges flying shoes*

;)

Klowner
I'm more secure by Anonymous Coward · 2002-02-08 06:22 · Score: 2, Funny

Cool! I just halted my BlackIce service. If I hadn't read this article, I would never have known that doing that would make me more secure.

Thanks Slashdot :) You rock. I don't have to worry about my hard drive shares being exposed now...
Re:Logging? by Foxman98 · 2002-02-08 07:39 · Score: 3, Funny

would be fairly easy...

see we have this thing these days....

it's called "fire"

i have portable "fire creation device".

commonly called a "lighter"

;-p

--
S.t.e.v.e.
Can't use it, either. by mfh · 2002-02-08 08:33 · Score: 2, Funny

Just testing my user id #56 really. :)

--
The dangers of knowledge trigger emotional distress in human beings.