The Enemy Within: Firewalls and Backdoors
hrbrmstr writes "SecurityFocus is running an article on firewalls and backdoors on their InFocus site. They provide info on firewall types, backdoor classifications, some examples of real backdoors and tips on mitigating their use on your network." Some good topics explained for the beginner, and it's a nice refresher for the veteran admin as well.
Security through obscurity does work though, so long as it's not the only layer.
An example would be, let's say you're making your own home-made cluster remote administrative tool for administering all of your servers from one console. What would be more secure:
A: Greeting the user upon connection with a description of the service, full protocol docs, source code, etc.
B: Sitting, waiting 5 seconds for the first command before dropping the connection. If the client sends one wrong byte, instantly drop the connection and firewall their IP so that they can't get a single packet through.
Obscurity isn't security in itself, however it does make a nice addition to an already secure setup.
And if you think full disclosure means instant security, take a look at that open-source database that's had a serious bug in it for 8 years that was only found recently. I can't think of the name off hand, I believe it started with 'Inno'. Even though "thousands of eyes scoured the source code" it still didn't get noticed for eight years -- that is, noticed by anyone that went public with it.
Pain lasts, kid. It's how you know you're alive. Sometimes I think this growing up thing is just pain management. - TheMaxx
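The "option B" listener the comment above describes, written out as an added example (not code from the SecurityFocus article or from the commenter): no banner, an overall 5-second deadline for the opening bytes, and the first wrong byte drops the peer and puts its address on a blocklist that later connections are checked against before a single byte is read. The preamble `RADM/1\n`, the outcome strings, and the in-memory blocklist are assumptions for illustration; a real deployment would add a firewall drop rule inside `Blocklist.block()`.

```python
"""Fail-closed listener: silent on connect, strict on the first bytes.

Added illustration, not from the article or the comment it follows.
EXPECTED_MAGIC, the 5-second deadline and the in-memory blocklist are
assumptions; a real tool would also install a firewall rule in block().
"""
import socket
import threading
import time

# Assumed (hypothetical) preamble a legitimate client must send first.
EXPECTED_MAGIC = b"RADM/1\n"
FIRST_BYTE_TIMEOUT = 5.0  # seconds allowed for the whole preamble, not per byte


class Blocklist:
    """Peers that sent a wrong byte. Only records IPs here; in production
    block() would also add an nftables/iptables drop for the address."""

    def __init__(self):
        self._ips = set()
        self._lock = threading.Lock()

    def block(self, ip):
        with self._lock:
            self._ips.add(ip)

    def is_blocked(self, ip):
        with self._lock:
            return ip in self._ips


def serve_connection(conn, peer_ip, blocklist, timeout=FIRST_BYTE_TIMEOUT):
    """Screen one connection. Returns 'blocked', 'timeout', 'closed',
    'bad_byte' or 'accepted'. The socket is closed on every outcome except
    'accepted', where it is handed back for the real protocol to continue.
    Nothing is ever sent before the client proves it knows the preamble."""
    if blocklist.is_blocked(peer_ip):
        conn.close()  # blocked peers get nothing, not even a read
        return "blocked"
    deadline = time.monotonic() + timeout
    received = b""
    try:
        while len(received) < len(EXPECTED_MAGIC):
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                conn.close()
                return "timeout"
            conn.settimeout(remaining)  # overall deadline defeats slow-drip clients
            byte = conn.recv(1)
            if not byte:  # peer hung up before finishing the preamble
                conn.close()
                return "closed"
            if byte != EXPECTED_MAGIC[len(received):len(received) + 1]:
                blocklist.block(peer_ip)  # one wrong byte: drop and block
                conn.close()
                return "bad_byte"
            received += byte
    except socket.timeout:
        conn.close()
        return "timeout"
    conn.settimeout(None)
    return "accepted"


def accept_loop(listener, blocklist, on_accepted):
    """Accept TCP clients and screen each in its own thread; only peers that
    pass serve_connection ever reach on_accepted(conn, ip)."""
    while True:
        conn, addr = listener.accept()

        def worker(c=conn, peer=addr[0]):
            if serve_connection(c, peer, blocklist) == "accepted":
                on_accepted(c, peer)

        threading.Thread(target=worker, daemon=True).start()


def simulate(client_bytes, peer_ip, blocklist, timeout=FIRST_BYTE_TIMEOUT, hang_up=False):
    """Offline harness: a socketpair stands in for a TCP connection and the
    constructed client_bytes are what the peer sends first."""
    server_side, client_side = socket.socketpair()
    try:
        if client_bytes:
            client_side.sendall(client_bytes)
        if hang_up:
            client_side.close()
        return serve_connection(server_side, peer_ip, blocklist, timeout)
    finally:
        client_side.close()
        server_side.close()


if __name__ == "__main__":
    bl = Blocklist()
    print(simulate(b"RADM/1\n", "192.0.2.10", bl))            # accepted
    print(simulate(b"GET / HTTP/1.0\r\n", "192.0.2.11", bl))  # bad_byte
    print(simulate(b"RADM/1\n", "192.0.2.11", bl))            # blocked
    print(simulate(b"", "192.0.2.12", bl, timeout=0.2))       # timeout
```

The deadline is for the whole preamble rather than per byte, so a client that trickles one correct byte every four seconds still gets cut off; per-byte timeouts would let it hold the thread open indefinitely. Note what this does and does not buy you: a scanner sees a port that accepts and then silently closes, which leaks nothing about the service, but the preamble is a shared secret sent in the clear, so it only hides the tool from casual probing and must sit in front of real authentication, not replace it.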
The concluding sentences contain the main learning point, as I see it: you need a way to identify all connections down to the source (user).
And you need to make sure that all those dumb users know you're watching them and that you will hold them accountable for breaches of security that they initiate.
Or is all that so obvious that no one has felt the need to point it out?