To make the firewall
setup effective, the gate should be a pain to use: really, all you
want this computer to do is forward specific kinds of information
across the choke. The gate should be as impervious as possible to
security threats, applying the techniques we've described
elsewhere in this book, plus more extreme measures that you would
not apply to a general machine. The list below summarizes techniques
you may want to implement on the gate machine:
Enable auditing if your operating
system supports it.
Do not allow regular user accounts, but only accounts
for people requiring incoming connections, system accounts for needed
services, and the
Do not allow incoming connections to your X11 servers
(ports 6000 through 6000+
is the number of X11 displays on any given
Do not mount directories using
(or any other network filesystem). Export only directories that
contain data files (
, news, etc), never programs.
Remove the binaries of all commands not necessary
for gate operation, including tools like
cc, awk, sed, ld, emacs,
, etc. Remove all libraries (except the shared portion of shared
development for the gate should be done on another machine and copied
to the gate machine; with program development tools and unnecessary
commands removed, a cracker can't easily install Trojan
horses or other nasty code. Remove
and all other shells except
system needs for startup). Change the permission on
to be 500, so that it can only be run by the superuser.
you really don't want to remove these programs,
from 755 to 500. The
user will still be able to use these programs,
but no one else will. This approach is not as secure as removing
the programs, but it is more effective than leaving the tools in
all system directories (e.g.,
/bin, /usr, /usr/bin, /etc,
to mode 711. Users of the system other
than the superuser do not need to list directory contents to see
what is and is not present. This change will really slow down someone
who manages to establish a non-
shell on the machine through
some other mechanism. Don't run
on the gate machine. Do not import or export
files, especially the
Turn on full logging on the gate machine. Read
the logs regularly. Set the
file so that the gate logs
to an internal machine as well as a hardcopy device, if possible.
Mount as many disks as possible read-only. This
prevents a cracker from modifying the files on those disks. Some
, will need to
be writable. You can place all of these directories on a single
partition and use symbolic links so that they appear in the appropriate
Turn on process and file quotas, if available.
some form of smart card or key-based access for the root user. If
you don't use such devices, don't allow anyone
to log in as root on the machine.
Make the gate computer "equivalent"
to no other machine. Remove the files
Enable process accounting on the gate machine.
Disable all unneeded network services.
Finally, look back at the guidelines listed under
they are also useful when setting up a gate. When you configure
your gate machine, remember that every service and program that
can be run presents a threat to the security of your entire protected
network. Even if the programs appear safe today, bugs or security
flaws may be found in them in the future. The purpose of the gate
is to restrict access to your network, not to serve as a computing
platform. Therefore, remove everything that's not essential
to the network services.
Be sure to monitor your gate
on a regular basis:
if you simply set the gate up and forget about
it, you may let weeks or more go by before discovering a break-in.
If your network is connected to the Internet 24 hours a day, 7 days
a week, it should be monitored at least daily.
if you follow all of these rules and closely monitor your gate,
a group of very persistent and clever crackers might still break
through to your machines. If they do, the cause will not likely
be accidental. They will have to work hard at it, and you will most
likely find evidence of the break-in soon after it occurs. The steps
we've outlined will probably discourage the random or curious
cracker, as well as many more serious intruders, and this is really