This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How secure...

tony_01 over 23 years ago

Hi,

How secure is the Astaro Firewall anyway? did anyone ever hack it?

/Tony

This thread was automatically locked due to age.

Parents

0 Jake L. Wegman over 23 years ago

"Is Astaro secure?"

My answer which may not be the position of 'Astaro Internet Security'...

Simple answer is indirect, "the only secure computer is one that is unplugged..."

-OR-

"only as secure as you are villigant..."

From my technical perspective, they have taken the stance of ONLY providing what is needed for a secure firewall in terms of code that is on the machine.

They create seperate partitions for each service that is provided along with CHROOTing those services further seperating the file systems.

They use up-to-date software which has all known security issues addressed.

So, if you have a sensible packet filter rule set, it should be as secure as you need it.

If you have a loose packet filter rule set, you are looking for trouble.

If you believe that an Astaro firewall, no matter how well configured, will address ALL security issues, you are mistaken. Many books have been published dealing with how to secure a network - a firewall is only part of the solution. However Astaro takes most accepted methods and presents an easy to use interface.

As to the question of an Astaro box being hacked - I'm too new with the product to have heard - there are so MANY variables leading up to the possiblility of that occuring - many of which are left up to the person setting the box up.

Point - if you do NOT impliment the intrusion detection system, how will you ever know?

Point - if you do NOT restrict what interfaces / networks / IP addresses can access the Web Admin program, you are providing a door.

Point - if you do NOT restrict what interfaces / networks / IP addresses can access the SSH server, you are providing a door.

Point - if you provide ANY Proxy services that are NOT limited to intended devices, you are providing a door.

The list goes on and on with Packet filters, VPNs etc...

There is always something new to learn with security...

Thanks
Jake
Cancel
Vote Up 0 Vote Down

Cancel
0 tom_01 over 23 years ago in reply to Jake L. Wegman

thanks for the answer Jake,

to add my point of view:

For max security, do not allow anything in the packet filter, and use HTTP, SMTP and SOCKS proxies. This should shield your internal network off at ALMOST 100%, at the cost of workflow and flexibility.

As for the hackability of ASL itself, the only possibly "exploitable" port is the SMTP one (if you should use it). All other listening ports can be directed to LAN use only.

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tom_01 over 23 years ago in reply to Jake L. Wegman

thanks for the answer Jake,

to add my point of view:

For max security, do not allow anything in the packet filter, and use HTTP, SMTP and SOCKS proxies. This should shield your internal network off at ALMOST 100%, at the cost of workflow and flexibility.

As for the hackability of ASL itself, the only possibly "exploitable" port is the SMTP one (if you should use it). All other listening ports can be directed to LAN use only.

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data