[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Fri, Apr 20, 2001 at 03:41:31PM +1000, Sam Couter wrote:
> What I was addressing is your assertion that you can fully protect a machine
> from any attack using IP-based access lists with TCP wrappers instead of a
> stateful firewall. That's a little piece of misinformation that everyone
> can do without.

I believe the word I used was "adequate", not "fully".  It is adequate as a
basic level of security, if configured properly.  This level of security is
acceptable for many hosts.  (For instance, when I received my Debian username
and password, I don't remember being asked which hosts I wanted to be able to
SSH in from.)

Firewalls are nice, but anyone who thinks that just because they put a
firewall in front of something that it is now "secure", needs to get a clue.

> > You don't know me -- don't presume to know what I do and do not understand.
> You're right, I don't know you. But I've read several posts of yours, and
> like I said, you seem to demonstrate a fundamental lack of understanding on
> the topic you're talking about.

No, I'm just not a zealot.  I believe that certain security measures are
warranted in certain situations, and that each situation must be evaluated
independently.  You (AFAICT) believe that maximum security is warranted in
all situations, no matter the cost.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: