Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > X-Windows installed on hardenend DMZ host

Reply
Thread Tools

X-Windows installed on hardenend DMZ host

 
 
Robin Huiser
Guest
Posts: n/a
 
      10-08-2004
Hi all,

(I trust this is ok in this group - If not pls could anyone point to a
more appropriate one, pls).

Does anyone know where to find more information about security risks /
issues having X-Windows libs + apps installed (but not running) on a DMZ
box?

Thanks in advance,

Robin
 
Reply With Quote
 
 
 
 
donnie
Guest
Posts: n/a
 
      10-08-2004
On Fri, 08 Oct 2004 12:21:13 +0200, Robin Huiser <(E-Mail Removed)>
wrote:

>Hi all,
>
>(I trust this is ok in this group - If not pls could anyone point to a
>more appropriate one, pls).
>
>Does anyone know where to find more information about security risks /
>issues having X-Windows libs + apps installed (but not running) on a DMZ
>box?
>
>Thanks in advance,
>
>Robin

#####################
You didn't say what OS it is but as far as FreeBSD goes, remote X
displays are disabled by default. That's the -listen_tcp option of
the startx command. Also, if I remember correctly, X server runs on
port 6000, which can be blocked.
Soemthing comes to mind. Edit the xinitrc file where it says #start
some nice programs. Delete what it says under that.
donnie
 
Reply With Quote
 
 
 
 
Robin Huiser
Guest
Posts: n/a
 
      10-21-2004
donnie wrote:

> On Fri, 08 Oct 2004 12:21:13 +0200, Robin Huiser <(E-Mail Removed)>
> wrote:
>
>
>>Hi all,
>>
>>(I trust this is ok in this group - If not pls could anyone point to a
>>more appropriate one, pls).
>>
>>Does anyone know where to find more information about security risks /
>>issues having X-Windows libs + apps installed (but not running) on a DMZ
>>box?
>>
>>Thanks in advance,
>>
>>Robin

>
> #####################
> You didn't say what OS it is but as far as FreeBSD goes, remote X
> displays are disabled by default. That's the -listen_tcp option of
> the startx command. Also, if I remember correctly, X server runs on
> port 6000, which can be blocked.
> Soemthing comes to mind. Edit the xinitrc file where it says #start
> some nice programs. Delete what it says under that.
> donnie

Thanks for the comment!!!

The OS is AIX and my concerns are mainly what a hacker could do with the
extra installed software and libs - there is no X server running during
normal operation.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
help with pix inside->outside + dmz->outside + inside->outside->dmz Jack Cisco 0 09-19-2007 01:57 AM
Allow smtp traffic from DMZ to Inside, without DMZ loosing Internet connection? morten Cisco 4 09-04-2007 01:48 PM
Installed VS 2005 professional. I see SQL expres also installed as part of it. But where do i get the Management Studio from? Learner ASP .Net 4 01-27-2006 08:37 PM
Cisco PIX DMZ to DMZ Access Network-Guy Cisco 7 09-25-2005 08:28 PM
how to config 515-e-dmz dmz routes & ACL? JohnC Cisco 9 12-07-2004 09:14 AM



Advertisments