On Fri, May 05, 2000 at 08:13:43AM -0400, Burke, Thomas G. wrote:
> It's actually quite common not to install one, especially on a
> gateway/firewall machine...  If there are more boxes inside, on the internal
> network, then it is no problem to make a new kernel or build of whatever, &
> move it to the gateway.  See, if the firewall machine has no compiler, then
> if someone _does_ break into the machine, then that person can compile no
> malicious code.

In that case you force them to ftp precompiled binaries onto your
machine... it doesn't slow a cracker down much.  One of the few ways to
keep them from running malicious code is to mount all rw partitions as
noexec and nosuid.  But even this doesn't really help if the cracker roots
you through a network daemon.

-- 
Steve Borho                       Voice:  314-615-6349
Network Engineer
Celox Networking Inc

Fortune of the day:
I learned to play guitar just to get the girls, and anyone who says they
didn't is just lyin'!
                -- Willie Nelson
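
An added example, not part of the original message: a shell check for the noexec/nosuid advice in the reply above. It reads mount lines in /proc/mounts format and lists every writable mount that lacks either option. The function name audit_mounts and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# audit_mounts (hypothetical name): read /proc/mounts-format lines on stdin
# and print each read-write mount that is missing noexec and/or nosuid.
audit_mounts() {
    awk '
    # Kernel pseudo-filesystems are not partitions someone can upload to.
    $3 ~ /^(proc|sysfs|devpts)$/ { next }
    {
        # Field 4 is the comma-separated option list.
        n = split($4, opt, ",")
        rw = 0; noexec = 0; nosuid = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw")     rw = 1
            if (opt[i] == "noexec") noexec = 1
            if (opt[i] == "nosuid") nosuid = 1
        }
        if (!rw) next                 # read-only mounts are out of scope
        missing = ""
        if (!noexec) missing = "noexec"
        if (!nosuid) missing = (missing == "" ? "nosuid" : missing ",nosuid")
        if (missing != "") print $2 " missing=" missing
    }'
}

# Constructed sample mount table (not taken from any real host).
SAMPLE_MOUNTS='/dev/sda1 / ext2 ro 0 0
/dev/sda5 /var ext2 rw,noexec,nosuid 0 0
/dev/sda6 /tmp ext2 rw,nosuid 0 0
/dev/sda7 /home ext2 rw 0 0
proc /proc proc rw 0 0'

# Run against the sample; on a live Linux host use: audit_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```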

