AKLUG Archive: [aklug] Re: Firewall

From: Christopher Howard <christopher.howard@frigidcode.com>
Date: Fri Feb 10 2012 - 19:19:31 AKST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/10/2012 03:32 PM, scott@ravenmoonart.com wrote:
> Who is using what in the way of firewalls on their systems and
> networks?
>
> I am looking for recommendations for firewalls (any type) to be
> used for a sandboxed network. I don't know how many systems will be
> in the box at this point, but I have been asked to make some
> suggestions that are scalable.
>
> Since I use simple firewalls on my systems/network (my router has a
> nice built in firewall that I use) I don't have a deep field to
> draw on for this area.
>
> Suggestions form the list? Will look at anything suggested.
>
>
> Scott
>
> --------- To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

This doesn't have much to do with the original question, but has
anybody else heard of this?:

https://en.wikipedia.org/wiki/Seccomp

It's a security mechanism in the Linux kernel that allows a process to
permanently give up its rights to perform most system calls -- all
system calls except "exit(), sigreturn(), read() and write()" in fact.
That means, in particular, that it cannot open new files or alter
files that it hasn't already opened. The idea is to sandbox process
that have to process untrusted code. If a process tries to make a
unapproved system call after it has requested seccomp mode, then it
immediately takes a SIGKILL bullet from the kernel.

- --
frigidcode.com
theologia.indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPNexTAAoJEI2DxlFxTtgd6NQH/1/bEfeuXLYSseQUT0LHieB2
Tm6cSUpcWTMKZnYbHmX43kWrqxiZ+j343rcpxSLT9sZcCiXMQdAJYL4fTheDga7Q
3u3EJMbbjnjMGPmkMdzIrmz0J6UiDqfZ5jzRe10/EIVpqD0K/wVPXk96s9PSHyBb
UC76wyHddQI6RiJTB7KXa45+qqceBnPoz63GAaJDGDGD1MvWvG7K12EW1sE6nsJh
KiDJZY6qSeqRPIG4ztcshYYvfxzESzVUx7LffFbKJ1T2NmQ2ZTbcjHOdqY7Q9YgG
PhLBsgTOx3E22TfV5cingmD8ZqpGvg8AX7X3f3exeiBHsXyqxQTv/TJm6A8+xmI=
=dLGf
-----END PGP SIGNATURE-----
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Feb 10 19:16:49 2012

This archive was generated by hypermail 2.1.8 : Fri Feb 10 2012 - 19:16:49 AKST