[lug] RH9 vs Fedora Core 3 - security threats?

Kevin Fenzi kevin at scrye.com
Tue Mar 1 12:33:38 MST 2005



>>>>> "Michael" == Michael J Hammel <mjhammel at graphics-muse.org> writes:

Michael> I noticed this pointer to some tests on dropping various OSes
Michael> onto the internet on Slashdot:
Michael> http://www.denverpost.com/Stories/0,1413,36~33~2735094,00.html

Michael> If you read to the end you find that a Fedora Core 3 machine
Michael> was attacked 8 times in the testing while RH9 was not
Michael> attacked at all.  Are there known problems in FC3 that make
Michael> it more of a target than RH9?  Or is it just that FC3 is much
Michael> more recent?

It's unclear without knowing what they mean by "attacks". 
Portscans? 
Attempted compromises against specific services? 
What was running on the rh9 box? 

It's possible the install they did on the rh9 box had it not running
much at all, and the fc3 install they installed/started more
services. 

Michael> I've got a RH9 firewall and was planning on upgrading to FC3
Michael> (via KRUD).  I normally just set a bunch of iptables rules to
Michael> block all inbound traffic (even ssh) and allow outbound.
Michael> That seems about as secure as you can get, I guess.  Now I'm
Michael> wondering if there are holes that iptables won't cover.

Having a restrictive firewall isn't going to make sure you are 100%
secure, but it sure goes a long way toward it. 
If you are denying any incoming packets not associated with your
outgoing connections that reduces your exposure to: 
- Bugs in the linux kernel itself. 
- Attacks where someone tricks you into downloading/running/viewing
  something that compromises your internal client. 

Michael> Not that I worry that much, since I know KRUD is updated
Michael> monthly with security patches so I'm probably as safe as I
Michael> can get if I use their latest CD.

Yeah, keeping up on the updates and having a restrictive firewall
really goes a long way to keeping you secure. 

Michael> But I am wondering if I should leave well enough alone.  To
Michael> my knowledge, I haven't been breached.  If all inbound is
Michael> blocked, I'd assume the only way they could get access is
Michael> with a local exploit, but I'm the only one with access to
Michael> that box.  -- Michael J. Hammel The Graphics Muse If love is

Yeah, it's a good step... 

kevin
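
The policy discussed in this message (drop every inbound packet that is not associated with an outgoing connection) can be checked against a saved ruleset. The Python sketch below is an added example, not part of the original e-mail: it audits the INPUT chain of an `iptables-save` dump, and the two sample dumps and the helper names `opt` and `audit_input` are constructed for the illustration.

```python
import shlex

# Constructed iptables-save dumps (sample data, not taken from the thread).
STRICT = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
LEAKY = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 631 -j ACCEPT
COMMIT
"""

def opt(tokens, *names):
    """Return the value following the first of the given options, else None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def audit_input(dump):
    """List the ways the filter table's INPUT chain admits unsolicited traffic."""
    findings, table, stateful = [], None, False
    for line in dump.splitlines():
        tok = [] if line.startswith("#") else shlex.split(line)
        if not tok:
            continue
        if tok[0].startswith("*"):
            table = tok[0][1:]                      # e.g. "*filter" -> "filter"
        elif table != "filter":
            continue
        elif tok[0] == ":INPUT" and tok[1] != "DROP":
            findings.append("INPUT default policy is " + tok[1])
        elif tok[:2] == ["-A", "INPUT"] and opt(tok, "-j") == "ACCEPT":
            states = set((opt(tok, "--state", "--ctstate") or "").split(",")) - {""}
            if states and states <= {"ESTABLISHED", "RELATED"}:
                stateful = True                     # replies to our own outbound traffic
            elif opt(tok, "-i") != "lo":            # loopback accepts are expected
                findings.append("accepts unsolicited inbound: " + line)
    if not stateful:
        findings.append("no ESTABLISHED,RELATED accept rule")
    return findings
```

An empty result means the INPUT chain only admits loopback traffic and replies to connections the host itself opened; each finding names a rule or policy that lets new inbound connections reach a listening service.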


