On 22 Oct 2002, Cedric Blancher wrote:

> On Tue 22/10/2002 at 20:57, Robert P. J. Day wrote:
> > i've had a number of people tell me that, while they put a
> > good deal of thought into their INPUT filtering, they simply
> > ACCEPT all outgoing traffic since, if their input filtering
> > is working properly, there's no reason to stop outgoing
> > packets.
> >
> > comments?
>
> Once you have accepted the fact that your box can get compromised, you
> easily understand why you should filter outgoing traffic. Moreover,
> maximum security relies on the "lesser privilege rule" which specifies
> that an object must not be allowed to do more than it has to. According
> to this, you have to filter network output.

i understand that, for extra security, you should also filter on
the OUTPUT chain. but someone suggested to me that, if i get hacked
because someone gets through my INPUT filter rules, they have a good
chance of being able to change my ruleset anyway and remove the
filtering. this is why this person suggested that i should concentrate
my efforts on hardening my INPUT filter, and not worry a whole lot
about the OUTPUT ruleset. in other words, if i get hacked, i'm
pretty much toast anyway, and can't trust *anything* about my system
anymore.

i realize it sounds like having sloppier security by not worrying about
the OUTPUT ruleset. i guess it would help me if someone could provide
*specific* examples of how OUTPUT filtering adds to security beyond
what would be provided by a well-designed INPUT ruleset. a pointer to
an FAQ or some other link would be fine.

rday
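The "lesser privilege" argument in Cedric's reply can be made concrete with a ruleset. The script below is an added example, not code from either poster or from the netfilter project: it generates an iptables-restore ruleset in which the OUTPUT chain is default DROP, only the traffic this host is expected to originate is permitted, and anything else the box tries to initiate is logged before being dropped. The interface name, resolver address and the list of permitted outbound ports are assumptions chosen for illustration; the match modules used (state, multiport, limit, LOG) are standard iptables matches.

```shell
#!/bin/sh
# Added example: generate an egress (OUTPUT chain) ruleset for iptables-restore.
# All concrete values here are assumptions for illustration, not from the thread.

LAN_IF="eth0"              # assumed outward-facing interface
DNS_SERVER="192.0.2.53"    # assumed resolver (documentation address range)

# Emit the ruleset on stdout in iptables-restore format.
# Default policy on every chain is DROP, so anything not explicitly
# permitted below is refused, both inbound and outbound.
egress_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic is always permitted.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets belonging to connections that were already allowed to start.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound connections this host legitimately needs to originate:
# DNS to our own resolver only, HTTP/HTTPS, and NTP.
-A OUTPUT -o $LAN_IF -p udp -d $DNS_SERVER --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $LAN_IF -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o $LAN_IF -p udp --dport 123 -m state --state NEW -j ACCEPT
# Everything else the box tries to start is logged (rate limited so a
# misbehaving process cannot flood the log) and then dropped.  A hit on
# this rule is exactly the signal a compromised host gives off.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
-A OUTPUT -j DROP
COMMIT
EOF
}

# Count how many NEW outbound connections the ruleset permits; a quick
# sanity check that the allow list has not quietly grown.
egress_allow_count() {
    egress_ruleset | grep -c -- '--state NEW -j ACCEPT'
}

# With "--apply" the ruleset is loaded atomically; otherwise it is only
# printed so it can be reviewed first.
if [ "${1:-}" = "--apply" ]; then
    egress_ruleset | iptables-restore
else
    egress_ruleset
fi
```

The point of the LOG rule is the answer to the question in the thread: even if an intruder can later edit the ruleset, the first outbound connection attempt that the INPUT chain would never have seen (a connection to a port the host has no business using) is refused and recorded, which is a detection opportunity a well-designed INPUT ruleset alone cannot give.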