Adam McKenna <adam@debian.org> wrote: > > I believe the word I used was "adequate", not "fully". It is adequate as a > basic level of security, if configured properly. This level of security is > acceptable for many hosts. (For instance, when I received my Debian username > and password, I don't remember being asked which hosts I wanted to be able to > SSH in from.) Sorry, I've paraphrased you rather badly. The word *was* "adequate". I apologise, but I still disagree with you. > Firewalls are nice, but anyone who thinks that just because they put a > firewall in front of something that it is now "secure", needs to get a clue. I don't believe that just because there's a firewall in place then a site is secure (despite what at least one other on this list seems to think). It's only a part of making a site secure, but it's a big part. And yes, when I say "secure", I really mean "secure enough for my purposes". I'm not hiding any military secrets or anything. Just commercial information. > No, I'm just not a zealot. I believe that certain security measures are > warranted in certain situations, and that each situation must be evaluated > independently. You (AFAICT) believe that maximum security is warranted in > all situations, no matter the cost. Not at all. If I did, I wouldn't have my workstation connected to the 'net. However, I *do* have a two-level NAT/IP Masq/IP forwarding firewall setup here, with only three machines directly connected to the 'net (plus a router), and many others behind it. It wasn't so hard to set up, and it helps protect a bunch of other machines that can't otherwise be protected (Windows boxes, ugh). Without that basic level of protection, I'd expect to have to clean up after a breach every week or two. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | OpenPGP key ID: DE89C75C, available on key servers OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
Attachment:
pgpgWsvrJPTqu.pgp
Description: PGP signature