[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Fri, Apr 20, 2001 at 12:14:22AM -0700, Aaron Lehmann wrote:
> On Fri, Apr 20, 2001 at 02:02:57AM -0500, Nathan E Norman wrote:
> > Everyone knows how to configure a stateful firewall, I can't believe
> > more people don't have one.  Damn lazy bastards.
> Firewalls in general suck because they limit access. If systems aren't
> secure, well, they should be secured. Not blocked off from meaningful
> communication with the internet.

Firewalls have their place.  They are just not the panacea that they are made
out to be by the security industry.  In general, they encourage laziness in
the realm of host-security ("oh, well that box is behind the firewall, so I
don't have to worry about upgrading BIND on it"), and also a false sense of
security ("Nobody can break into that box, it's behind the firewall")


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: