Remote file inclusion protection

Networking/Security Forums -> UNIX // GNU/Linux

Author: etusha PostPosted: Sun Oct 22, 2006 7:32 pm    Post subject: Remote file inclusion protection
    ----
How can i protect my linux or unix server from remote file inclusion

Author: hebaLocation: Cremona (Italy) PostPosted: Mon Oct 30, 2006 12:05 pm    Post subject:
    ----
Second me, use a setting firewall more restrict.
Set iptables or use shorewall that set the iptables rules automatically.

Author: zzycatch PostPosted: Mon Oct 30, 2006 2:20 pm    Post subject:
    ----
A firewall such as iptables is insufficient to protect against such a leverage of access. Your best bet is to rely on the operating system's security policy to minimize the level of access services have. Ideally this will prevent attackers from gaining access to local tools required to acquire/manipulate objects or better yet will prevent attackers from ever gaining write access to your system in any but the most limited capacity, if at all.

A proxying firewall like Sidewinder or even FWTK if you can dig it up can be configured to address many file inclusion issues, but controlling the potential access is your best bet.

cheers,

catch

Author: hebaLocation: Cremona (Italy) PostPosted: Mon Oct 30, 2006 5:50 pm    Post subject:
    ----
zzycatch wrote:
A firewall such as iptables is insufficient to protect against such a leverage of access. Your best bet is to rely on the operating system's security policy to minimize the level of access services have.
A proxying firewall like Sidewinder or even FWTK if you can dig it up can be configured to address many file inclusion issues, but controlling the potential access is your best bet.



this, in linux do it iptables that is the command to set the firewall, but if he/she want use a firewall shorewall is a firewall... Rolling Eyes

Author: zzycatch PostPosted: Tue Oct 31, 2006 12:32 am    Post subject:
    ----
Quote:
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter.
- http://www.shorewall.net/

Quote:
While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself.
- http://en.wikipedia.org/wiki/Iptables

In any event, it cannot do what you are claiming.

cheers,

catch



Networking/Security Forums -> UNIX // GNU/Linux


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group