Hear, hear!
The "soft chewy inside" is dead. Long live defense-in-depth!
On Mon, 2003-08-25 at 11:41, David T Hollis wrote:
Steve Dickson wrote:
> rhldevel(a)assursys.co.uk wrote:
>
>> On Mon, 25 Aug 2003, Bill Nottingham wrote:
>>
>> But to a lot of naïve users, firewalls are deeply technical things, that
>> they worry will interfere with normal usage. As a result, I believe a
>> number
>> of such users will install with the firewall disabled, or stop it when
>> attempting to get things working - perhaps never to (re-)enable it.
>> Having
>> things like X11, portmapper and rpc.statd listening on an external
>> interface
>> is asking for trouble, IMHO.
>>
> For network security firewalls are the answer... not disabling network
> applications...
> All we can do is give them the tools... but we can not shooting
> themselves in the foot...
>
> SteveD.
>
>
> --
> Rhl-devel-list mailing list
> Rhl-devel-list(a)redhat.com
>
http://www.redhat.com/mailman/listinfo/rhl-devel-list
Wrong. Security in-depth is the answer.
Good - IP ports are firewalled
Better - application is not running
Best - application is not even installed
--
Rhl-devel-list mailing list
Rhl-devel-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/rhl-devel-list --
Howard Owen "Even if you are on the right
EGBOK Consultants track, you'll get run over if you
hbo(a)egbok.com +1-650-339-5733 just sit there." - Will Rogers