FreeOS.com: TCP Wrappers: Part 2Mar 11, 2001, 12:12 (0 Talkback[s])
(Other stories by Trevor Warren)
[ Thanks to Trevor Warren for this link. ]
"Last week, we had a look at the concept of TCP Wrappers from the theoretical perspective. As we have already mentioned, TCP Wrappers isn't meant to fulfill the security measures you would want for an enterprise network. But it surely does fall into the greater scheme of rule sets that would make up a comprehensive strategy to protect an enterprise network. The author of TCP Wrappers mentions this stating, that TCP Wrappers could be made use of along with a firewall box on your corporate gateway with minimum services running. While building a firewall, we suggest, that you pipe all the firewall logging off the gateway. Although complicated to set up, this is the best way to secure your logs incase your firewall machine is compromised."
"With the TCP Wrapper package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services. It supports both, 4.3BSD-style sockets and System V.4-style TLI. Count yourself lucky if you don't know what that means."
"The package provides tiny daemon wrapper programs that can be installed without any change to the existing software or to existing configuration files. The wrappers report the name of the client host and of the requested service. Neither do they exchange information with the client or server applications, nor impose overhead on the actual conversation between the client and server applications."