
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Fri, Apr 20, 2001 at 03:41:31PM +1000, Sam Couter wrote:
> What I was addressing is your assertion that you can fully protect a machine
> from any attack using IP-based access lists with TCP wrappers instead of a
> stateful firewall. That's a little piece of misinformation that everyone
> can do without.

I believe the word I used was "adequate", not "fully".  It is adequate as a
basic level of security, if configured properly.  This level of security is
acceptable for many hosts.  (For instance, when I received my Debian username
and password, I don't remember being asked which hosts I wanted to be able to
SSH in from.)

Firewalls are nice, but anyone who thinks that just because they put a
firewall in front of something that it is now "secure", needs to get a clue.

> > You don't know me -- don't presume to know what I do and do not understand.
> 
> You're right, I don't know you. But I've read several posts of yours, and
> like I said, you seem to demonstrate a fundamental lack of understanding on
> the topic you're talking about.

No, I'm just not a zealot.  I believe that certain security measures are
warranted in certain situations, and that each situation must be evaluated
independently.  You (AFAICT) believe that maximum security is warranted in
all situations, no matter the cost.

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>


