Almost OT: Re: [lug] telnetd problem

Gary Frerking garyf at turbopower.com
Mon Oct 15 12:26:41 MDT 2001


>> Sorry, deleted too much of the previous thread in my last reply. When
>> I get this set up the way I want it, it will be:

>> world ----> cable modem ----> linux gateway/firewall --> local network

>> And I will certainly use SSH to get in from the outside world after
>> reading the replies here.  Just to make things completely clear, though,
>> is there any security risk involved in using telnet between boxes that
>> are behind the firewall, where information does not normally get passed
>> out to the world? It's a bit academic at this point, but it would help
>> me understand How Things Work.


It's a common feeling that something like this is "okay".

If you feel this way, you're simply not being paranoid enough.  :o)

A firewall is an aid to security. It's not the all-ending, all-being
"solution" to a secure network. You should *not* assume that everything
behind the firewall is safe. It's just another layer in what *should* be
multiple layers designed to make things (1) as difficult as possible to
compromise in the first place and (2) if something *is* compromised,
keep the damage to a minimum.

Consider this scenario...

Joe Cracker is somehow able to compromise one of your machines behind
the firewall (or the firewall itself). At this point, all Joe really has
is the compromised machine (I'm trying to keep things simple here).

Next, Joe puts the compromised machine into promiscuous mode and sniffs
your network. If you've thrown caution to the wind inside the firewall,
Joe will quickly have your entire network compromised.


-- Gary


