> I have the following idea for a Linux based firewall, which will hopefully
> make it safer to connect a LAN to the Internet.

The idea is quite nice (not new, though :-).

>
> The question - did anyone already do something similar?

Yes, I can say that I did (sort of). I can't really give details, though -
other than saying 'yes, I did it'.

> If yes, can he/she share with me any tips on how to actually do this, and
> if and which problems am I likely to face while trying to pull off this
> feat?

Check if the programs you are using need to write to the file system, and
disable them.
Placing a read/write hard disk completely destroys the whole point of making
a read-only system.

Regarding making a read-only system: You might be surprised to see that
programs you didn't expect are using temporary files (though I admit that
it's less unlikely to happen on Linux). Swap file is an issue, of course.
Your server will have to have plenty of memory.

> And - is there anything which may prevent me from reaching the ideal of
> inability to break into the internal LAN even if the cracker is logged in
> as root?
>
Yes. What you did is limit the attacker's playground from a couple of
gigabytes to hundreds of megabytes.
Assuming the attacker gets the ability to execute commands on the server
(this is the common assumption when trying to analyse the security model),
the attacker can use the available memory (usually hundreds of MB) to load
programs of her choice. This goes double if a hard drive is present.

All in all, you'll have *some* free memory *somewhere* that can be written
to. If this happens, the attacker can compile a little-tiny-attack-tool and
load it to memory. From this point, the way to the internal network is open.


Important clarification: Before I get flames like "what are the chances that
x really happens": It doesn't matter what the chances are, as long as
they're more than zero. Omer tried to build a perfect security system, and
I'm merely trying to explain why it's not *perfect*. Of course it's pretty
good, and definitely better than most normal firewall systems. However, for
the question "is there anything which may prevent me from reaching the ideal
of inability to break into the internal LAN even if the cracker is logged in
as root?", the answer is: "Yes.".

- Aviram
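
As an added example (not part of the original message), one way to carry out the check described above: list every mount that is still writable on a supposedly read-only firewall, and flag the ones where written files could also be executed. The sample mount table is constructed; the script and its names are assumptions, and on a live system it reads a file in `/proc/mounts` format given as its argument.

```python
"""Audit a mount table for writable locations on a 'read-only' firewall."""

# Constructed sample in /proc/mounts format:
# device, mountpoint, fstype, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sr0 / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=65536k 0 0
tmpfs /var/run tmpfs rw,nosuid,nodev,noexec,size=8192k 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/hda1 /var/log ext2 rw,noexec 0 0
"""

# Kernel pseudo-filesystems: an "rw" flag here does not provide file storage.
PSEUDO_FS = {"proc", "sysfs", "devpts", "cgroup", "cgroup2", "securityfs"}

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def writable_mounts(mount_table):
    """Return one dict per writable, non-pseudo mount, in table order."""
    findings = []
    for line in mount_table.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mountpoint, fstype = unescape(parts[1]), parts[2]
        options = set(parts[3].split(","))
        if "rw" not in options or fstype in PSEUDO_FS:
            continue
        findings.append({
            "mountpoint": mountpoint,
            "fstype": fstype,
            "memory_backed": fstype in ("tmpfs", "ramfs"),  # eats into RAM
            "executable": "noexec" not in options,          # write AND run
        })
    return findings

if __name__ == "__main__":
    import sys
    table = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for f in writable_mounts(table):
        kind = "RAM" if f["memory_backed"] else "disk"
        flag = "WRITE+EXEC" if f["executable"] else "write, noexec"
        print(f"{f['mountpoint']:<12} {f['fstype']:<8} {kind:<5} {flag}")
```

A clean report narrows the writable surface but does not make the answer above any less true: `noexec` is a mount option that root can change, and process memory stays writable regardless.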


