Bootable CD w/OS for firewall

Derek Martin invalid at pizzashack.org
Wed Sep 15 10:33:01 EDT 2004


On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote:
> A quick reboot will solve all of that - the same files come up
> again, just as I burned them.  

Which may get you immediately re-owned, if that's all you do.

> Keeping a hard disk around for logs means that, well, I can keep
> logs of any activity.  Very useful; that's why we havethem.

A potentially better solution is to log remotely to a different
machine connected to your side of the firewall.  Then if the machine
is compromised, it''s much less likely (if you've taken apropriate
measures) that the system's logs will be modified at the time of the
compromise.  They'll be on a different machine entirely, which may
(should) not have easy attack vectors from the firewall box.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20040915/9a831ed8/attachment.sig>


More information about the Discuss mailing list