Other Considerations
A firewall should not be considered a normal network host, and it should not be treated like one. This system should not enable normal users to log in or share files or directories on the network, and should never run RPC services such as NIS or NFS. The need to use good passwords for the accounts on the firewall, along with the necessity of using of shadow passwords, goes without saying. What might need to be said is that the firewall should not have the same password as any other host on your network. The fact that the host is broken and the attacker now has the password and shadow files should not automatically provide access to other hosts on the internal network.
This host needs to also be physically separated from the ...
Get Special Edition Using Linux®, Sixth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.