Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

To: debian-devel@lists.debian.org
Subject: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
From: Adam McKenna <adam@debian.org>
Date: Fri, 20 Apr 2001 00:45:27 -0700
Message-id: <[🔎] 20010420004527.Q7546@flounder.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010420001422.E25740@vitelus.com>; from aaronl@vitelus.com on Fri, Apr 20, 2001 at 12:14:22AM -0700
References: <[🔎] 20010418172549.A17770@lin-gen.com> <[🔎] 20010418232523.J12115@flounder.net> <[🔎] 20010419072809.M24502@justice.loyola.edu> <[🔎] 20010419235128.C31779@piro.kabuki.openfridge.net> <[🔎] 20010419103226.T12115@flounder.net> <[🔎] 20010420082606.D2010@piro.kabuki.openfridge.net> <[🔎] 20010419154344.F7546@flounder.net> <[🔎] 20010419234102.B25740@vitelus.com> <[🔎] 20010420020257.C13113@micromuse.com> <[🔎] 20010420001422.E25740@vitelus.com>

On Fri, Apr 20, 2001 at 12:14:22AM -0700, Aaron Lehmann wrote:
> On Fri, Apr 20, 2001 at 02:02:57AM -0500, Nathan E Norman wrote:
> > Everyone knows how to configure a stateful firewall, I can't believe
> > more people don't have one.  Damn lazy bastards.
> 
> Firewalls in general suck because they limit access. If systems aren't
> secure, well, they should be secured. Not blocked off from meaningful
> communication with the internet.

Firewalls have their place.  They are just not the panacea that they are made
out to be by the security industry.  In general, they encourage laziness in
the realm of host-security ("oh, well that box is behind the firewall, so I
don't have to worry about upgrading BIND on it"), and also a false sense of
security ("Nobody can break into that box, it's behind the firewall")

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to:

References:
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Robert van der Meulen <rvdm@cistron.nl>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Michael Stone <mstone@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Daniel Stone <daniel@kabuki.openfridge.net>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Daniel Stone <daniel@kabuki.openfridge.net>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Adam McKenna <adam@debian.org>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Aaron Lehmann <aaronl@vitelus.com>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Nathan E Norman <nnorman@micromuse.com>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Aaron Lehmann <aaronl@vitelus.com>

Prev by Date: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by Date: Re: ITP: task-printing
Previous by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Index(es):
- Date
- Thread