A firewall such as iptables is insufficient to protect against such a leverage of access. Your best bet is to rely on the operating system's security policy to minimize the level of access services have. Ideally this will prevent attackers from gaining access to local tools required to acquire/manipulate objects or better yet will prevent attackers from ever gaining write access to your system in any but the most limited capacity, if at all.
A proxying firewall like Sidewinder or even FWTK if you can dig it up can be configured to address many file inclusion issues, but controlling the potential access is your best bet.
Joined: 09 Jan 2006 Posts: 4 Location: Cremona (Italy)
Posted: Mon Oct 30, 2006 5:50 pm Post subject:
zzycatch wrote:
A firewall such as iptables is insufficient to protect against such a leverage of access. Your best bet is to rely on the operating system's security policy to minimize the level of access services have.
A proxying firewall like Sidewinder or even FWTK if you can dig it up can be configured to address many file inclusion issues, but controlling the potential access is your best bet.
this, in linux do it iptables that is the command to set the firewall, but if he/she want use a firewall shorewall is a firewall...
While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum