[NTLUG:Discuss] A Vulnerability question
MadHat
madhat at unspecific.com
Mon Oct 8 10:12:19 CDT 2001
While the other 2 answers are mostly correct, you also have to remember
there are different types of exploits and vulnerabilities. There are local
and remote vulnerabilities. You don't always have to be running a service
or daemon to be vulnerable to a local exploit. And if an application is
installed, you should consider yourself vulnerable, wether it is running or
not because if someone is able to start the daemon, you are vulnerable, or
if it isn't a daemon you are vulnerable. Also relying on Firewalls alone
is not a good idea, look at Nimda. It hit many internal networks that were
behind firewalls. If a worm get into the network via one method, it means
your firewall is almost useless at that point. Security is multi layered,
network is only one layer. Other layers include OS, application and
physical levels. Don't rely on any one thing to be the saving
grace. Also, think about what is a hole in ipchains or iptables is found,
are you secure on the other side?
At 07:14 AM 10/8/2001 -0500, Dennis Myhand wrote:
>Okay, I realize this may be a very simplistic sounding question, BUT...
>
>Whenever there is a vulnerability announced, such as for BIND, or
>another such program (Like everything on my wife's Winderz machine), am
>I vulnerable if I,
>
>1.) Am not running that program, like not even configured but on my
>system?,
>
>2.) Am running a firewall and not running that program, same situation
>as 1?,
>
>3.) Or am simply running a firewall with that program running?
>
>TNX, Dennis in Victoria
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss
--
MadHat at unspecific.com
More information about the Discuss
mailing list