Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

To: debian-devel@lists.debian.org
Subject: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
From: Aaron Lehmann <aaronl@vitelus.com>
Date: Fri, 20 Apr 2001 00:14:22 -0700
Message-id: <[🔎] 20010420001422.E25740@vitelus.com>
In-reply-to: <[🔎] 20010420020257.C13113@micromuse.com>; from nnorman@micromuse.com on Fri, Apr 20, 2001 at 02:02:57AM -0500
References: <[🔎] 20010418171100.B8620@omega.resa.es> <[🔎] 20010418172549.A17770@lin-gen.com> <[🔎] 20010418232523.J12115@flounder.net> <[🔎] 20010419072809.M24502@justice.loyola.edu> <[🔎] 20010419235128.C31779@piro.kabuki.openfridge.net> <[🔎] 20010419103226.T12115@flounder.net> <[🔎] 20010420082606.D2010@piro.kabuki.openfridge.net> <[🔎] 20010419154344.F7546@flounder.net> <[🔎] 20010419234102.B25740@vitelus.com> <[🔎] 20010420020257.C13113@micromuse.com>

On Fri, Apr 20, 2001 at 02:02:57AM -0500, Nathan E Norman wrote:
> Everyone knows how to configure a stateful firewall, I can't believe
> more people don't have one.  Damn lazy bastards.

Firewalls in general suck because they limit access. If systems aren't
secure, well, they should be secured. Not blocked off from meaningful
communication with the internet.

I run a firewall, but only to SNAT (which is NOT for security, but for
using multiple computers per IP as a conservation measure).

While it's not really on-topic, I must say that I disagree with Daniel.
It is wrong to open only specific incoming ports, because if you have
some evil backdoor running, sorry -- your system's already been cracked
somehow. The real way to make a system more secure is to:

* use daemons with a reputation of being secure
* limit the daemons you run and configure them carefully
* pay attention to your system and security advisories. read bugtraq
* audit the code (if you care that much)

Don't fix the symptom, fix the problem.

Reply to:

Follow-Ups:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Daniel Stone <daniel@kabuki.openfridge.net>

References:
- ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: PiotR <piotr@omega.resa.es>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Robert van der Meulen <rvdm@cistron.nl>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Michael Stone <mstone@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Daniel Stone <daniel@kabuki.openfridge.net>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Daniel Stone <daniel@kabuki.openfridge.net>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Aaron Lehmann <aaronl@vitelus.com>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan E Norman <nnorman@micromuse.com>

Prev by Date: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by Date: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Previous by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Index(es):
- Date
- Thread