Re: [FW1] Hardening of OS
Hi,

Brian Tan Wee Beng wrote:
> I was having a discussion with an engineer on hardening the OS and he says
> that actually there's not a need to harden it since the inspection module is
> sitting on the kernel level. This means that all packets will be processed by
> the module before they reach the OS. If the packets do not pass inspection,
> they are either dropped or rejected according to the rule base. So is it
> true???

Yes, the inspect engine is located in the kernel, between layer 2 and layer 3. So it's really below the OS and protecting it.

But working in security for quite a long time, I became a kind of pessimist. What if you stop the engine or unload the rulebase? Then the gateway must not be vulnerable and should not forward packets. So I think, even if many people say that it's not absolutely necessary, the hardening of the OS is essential for the security.

A good collection of "how to" can be found e.g. at the site of Lance Spitzner (http://www.enteract.com/~lspitz/). He describes how to harden Solaris, Linux and NT.

Hope it helps,
best regards

Matthias

Dr. Matthias Leu
AERAsec Network Services and Security GmbH
http://www.aerasec.de