[NTLUG:Discuss] A Vulnerability question

MadHat madhat at unspecific.com
Mon Oct 8 10:12:19 CDT 2001


While the other 2 answers are mostly correct, you also have to remember 
there are different types of exploits and vulnerabilities.  There are local 
and remote vulnerabilities.  You don't always have to be running a service 
or daemon to be vulnerable to a local exploit.  And if an application is 
installed, you should consider yourself vulnerable, whether it is running or 
not because if someone is able to start the daemon, you are vulnerable, or 
if it isn't a daemon you are vulnerable.  Also relying on Firewalls alone 
is not a good idea, look at Nimda.  It hit many internal networks that were 
behind firewalls.  If a worm gets into the network via one method, it means 
your firewall is almost useless at that point.  Security is multi layered, 
network is only one layer.  Other layers include OS, application and 
physical levels.  Don't rely on any one thing to be the saving 
grace.  Also, think about what if a hole in ipchains or iptables is found, 
are you secure on the other side?


At 07:14 AM 10/8/2001 -0500, Dennis Myhand wrote:
>Okay, I realize this may be a very simplistic sounding question, BUT...
>
>Whenever there is a vulnerability announced, such as for BIND, or
>another such program (Like everything on my wife's Winderz machine), am
>I vulnerable if I,
>
>1.)  Am not running that program, like not even configured but on my
>system?,
>
>2.)  Am running a firewall and not running that program, same situation
>as 1?,
>
>3.) Or am simply running a firewall with that program running?
>
>TNX, Dennis in Victoria
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss

--
MadHat at unspecific.com



