Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Enemy Within: Firewalls and Backdoors

Posted by CowboyNeal on from the securing-the-perimeter dept.

hrbrmstr writes "SecurityFocus is running an article on firewalls and backdoors on their InFocus site. They provide info on firewall types, backdoor classifications, some examples of real backdoors and tips on mitigating their use on your network." Some good topics explained for the beginner, and it's a nice refresher for the veteran admin as well.

5 of 225 comments (clear)

  1. Good info by rekkanoryo · · Score: 4, Insightful
    I had a basic idea of a lot of stuff here an some knowledge of some things, too. This was a nice crash-course.

    Kinda makes me wonder, though, how often articles like this spawn ideas in the minds of the "wrong people," leading to attacks or attempts to attack. Anyone else ever wonder that?

    1. Re:Good info by irc.goatse.cx+troll · · Score: 5, Insightful

      Security through obscurity does work though, so long as its not the only layer.
      An example would be lets say you're making your own home made cluster remote administrative tool for admining all of your servers from one console. What would be more secure:
      A: Greeting the user upon connection with a description of the service, full protocol docs, source code, etc.
      B: Sitting, waiting 5 seconds for the first command before dropping the connection. If client sends one wrong byte, instantly drop the connection and firewall their ip so that they cant get a single packet through.

      Obscurity isnt security in itself, however it does make a nice addition to an already secure setup.

      And if you think full disclosure means instant security, take a look at that opensource database thats had a serious bug in it for 8 years that was only found recently. I can't think of the name off hand, I believe it started with 'Inno'. Even though "thousands of eyes scoured the source code" it still didnt get noticed for eight years-- that is, noticed by anyone that went public with it.

      --
      Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  2. The whole article describes: by Alex+Belits · · Score: 4, Insightful

    1. What firewall software pretends to do (as opposed to what it actually accomplishes).

    2. How to become a perfect target of DoS attack through paranoia (imitation of any intrusion-like activity will make the supposed origin unable to access you).

    3. How to defend yourself when you have already lost, and are for all practical purposes as good as dead.

    --
    Contrary to the popular belief, there indeed is no God.
  3. Everyone seems to be missing the point by scottme · · Score: 5, Insightful
    I am not enough of a security geek to fault this article on any technical detail, but surely the main message is that no matter what technical measures you take, any dumb user can totally subvert all your efforts by inadvertantly, unwittingly, or even maliciously running code on a personal system inside the secured network that opens a tunnel to the outside. Hence the title of the article.

    The concluding sentences contain the main learning point, as I see it: you need a way to identify all connections down to the source (user).
    And you need to make sure that all those dumb users know you're watching them and that you will hold them accountable for breaches of security that they initiate.

    Or is all that so obvious that no-one has felt the need to point it out?

  4. Re:Stateful Packet Inspection recommended by MeNeXT · · Score: 4, Insightful
    I have moderator points and I'm about to post go figure...


    This has nothing to do with thechnology but more to do with attitude, policy and productivity.



    You see in most trades/proffessions you need to learn how a tool works before you are eveluated on the tool. After that you need to apply the tool to the trade, which means you need to understand the workings of the trade. This takes years.


    Now, with computers, we have business that are trying to fit the trade to their tools. When that does not work and they encounter problems, they hire someone who knows one tool. They then try to force the tool into the business.


    This will never work! You cannot make a general tool to fit every need and at the same time make this tool easy to use. A good example that I can bring up is for MS Word users. Placing graphics in word does not make word a publishing software. All it has done is waste your time and the other person who is to open the document. Word is made for typing letters when we use it for other things it becomes complex. IT DOES A POOR JOB and it costs you more time and money than buiying the right tool or asking someone who is in the trade.



    Now before buying any software you need to identify what your needs are. Do you need to access files from home? Better yet why are you taking work home? How manyhours do you propose to work? If you wish to spend more time with your familly then mabye you should look at sleeping less because sitting in front of your computer is NOT familly time. In most cases this an ego issue (Look I can PISS farther than you!) an not a technologie issue.


    If Linux can only STOP trying to be Windows then the virus issue will stay with Windows. We have seen on the server side that Linux has not followed in the Windows steps.


    One last question why do you first start talking about the desktop and then give a server example?

    --
    DRM? No thanks, I'll just get it somewhere else...