Subject: Re: review: Radeon 7000 for BrickDraw3D, low-end Mac
Newsgroups: lugnet.off-topic.geek
Date: Tue, 16 Apr 2002 18:12:49 GMT
Viewed: 406 times
In article <Guo6u6.Mu4@lugnet.com>,
Larry Pieniazek <lpieniazek@mercator.com> wrote:
> How can it be filtering and forwarding if there are no processes running?
> And why wouldn't it shutdown all the way at some point?
It's something of a cheat; the world doesn't tend to consider the kernel
to be a process in and of itself, and with stuff like ipchains you can
effectively put all the firewall rules and functionality in the kernel.
So you still have a kernel running.
I personally consider something like LIDS to be a better solution--
Mandatory Access Control added on top of Unix. You can restrict, file
by file, access-- so, for example, you can set the log files to have
only "append only" access; you can't modify 'em except for adding to the
end. You can set it up so that any file you don't need append access to
for logging has _no_ writable access-- even by root. (Mandatory Access
Control is cool that way.) Shutting down processes that aren't the kernel
gets you in a position where you have no logging and therefore no real
intrusion detection.
Of course, in the ideal world, you can't _have_ an intrusion to detect
a halted firewall, but I don't live in an ideal world...
-JDF
--
J.D. Forinash ,-.
jd@forinash.not ( <
The more you learn, the better your luck gets. `-'
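The append-only log idea from the post, as an added example that is not part of the original thread: LIDS is not something you can run in a test harness, so this assumes the stock ext2/3/4 append-only (`chattr +a`) and immutable (`chattr +i`) attributes as the stand-in for the LIDS APPEND protection, and audits `lsattr` output (a constructed sample, embedded inline) for log files that an intruder could still rewrite in place.

```python
"""Audit which log files carry the append-only attribute.

Added example, not from the post. Assumes the ext* filesystem flags shown by
`lsattr` ('a' = append-only, 'i' = immutable) as the analogue of the LIDS
APPEND protection the post describes. The sample output below is constructed.
"""
import re
import subprocess
from dataclasses import dataclass

# Constructed sample of `lsattr /var/log` output (not real host data).
SAMPLE_LSATTR = """\
----a---------e------- /var/log/messages
--------------e------- /var/log/auth.log
----i---------e------- /var/log/lastlog
----a---------e------- /var/log/secure
lsattr: Operation not supported While reading flags on /var/log/journal
"""

# One flags field, whitespace, then the path; error lines do not match.
LSATTR_LINE = re.compile(r"^(?P<flags>[-A-Za-z]+)\s+(?P<path>\S.*)$")


@dataclass(frozen=True)
class AttrEntry:
    path: str
    append_only: bool
    immutable: bool


def parse_lsattr(text: str) -> list[AttrEntry]:
    """Turn lsattr output into entries; lines that are not attr rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = LSATTR_LINE.match(line.strip())
        if m:
            flags = m.group("flags")
            entries.append(AttrEntry(m.group("path"), "a" in flags, "i" in flags))
    return entries


def unprotected_logs(entries: list[AttrEntry]) -> list[str]:
    """Paths that root (or an intruder who became root) could rewrite in place.

    Append-only is the goal for live logs. Immutable also blocks in-place
    edits (and appends), so it is accepted here rather than flagged.
    """
    return [e.path for e in entries if not (e.append_only or e.immutable)]


def audit_live(directory: str = "/var/log") -> list[str]:
    """Run lsattr on a real host (needs an ext* filesystem) and audit it."""
    out = subprocess.run(["lsattr", directory], capture_output=True, text=True)
    return unprotected_logs(parse_lsattr(out.stdout))


if __name__ == "__main__":
    for path in unprotected_logs(parse_lsattr(SAMPLE_LSATTR)):
        print(f"not append-only: {path}")
```

On a host without chattr support the `lsattr` error lines are simply skipped, so an empty result from `audit_live` should be cross-checked against the entry count before being read as "all protected".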