What do you use to defend your box?
(Notwithstanding it's no secret that... "foolproof" protection IS impossible)
My (xlib?) Secure by default "strict" firewall Intrusion prevention system strategy is...
" P0f "... ( IP stack fingerprinting )
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78203
" Systrace "... ( Principle of least privilege )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
" Fail2ban "... ( Intrusion prevention system )
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=77999
" Bird Internet routing daemon "... ( Bogon filtering )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
in addition... xtables-addon ( Null route )
http://webwarper.net/ww/~av/slakfinder. ... e=#results
also... fwknop ( Port knocking )...
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78017
and of course... Snort ( Intrusion prevention system ).
http://webwarper.net/ww/~av/slakfinder. ... ?pkg=78311
IMHO...
you lock your front door to stop "everyone" NOT "anyone" from getting in.Security is about deterrence NOT prevention (Moore's law makes prevention impossible)...
Also consider this... deterrence (with a modest overhead) has the bonus effect of increasing performance/reliability (when successful).
TGIF...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
