Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Fri, Apr 20, 2001 at 02:02:57AM -0500, Nathan E Norman wrote:
> Everyone knows how to configure a stateful firewall, I can't believe
> more people don't have one.  Damn lazy bastards.

Firewalls in general suck because they limit access. If systems aren't
secure, well, they should be secured. Not blocked off from meaningful
communication with the internet.

I run a firewall, but only to SNAT (which is NOT for security, but for
using multiple computers per IP as a conservation measure).

While it's not really on-topic, I must say that I disagree with Daniel.
It is wrong to open only specific incoming ports, because if you have
some evil backdoor running, sorry -- your system's already been cracked
somehow. The real way to make a system more secure is to:

* use daemons with a reputation of being secure
* limit the daemons you run and configure them carefully
* pay attention to your system and security advisories. Read Bugtraq
* audit the code (if you care that much)

Don't fix the symptom, fix the problem.
