Re: hurd does NOT need /hurd

To: "Joel Baker" <lucifer@lightbearer.com>
Cc: debian-devel@lists.debian.org
Subject: Re: hurd does NOT need /hurd
From: tb@becket.net (Thomas Bushnell, BSG)
Date: 20 May 2002 12:57:05 -0700
Message-id: <[🔎] 87n0uuzj72.fsf@becket.becket.net>
In-reply-to: <[🔎] 20020520132531.B22215@lightbearer.com>
References: <[🔎] Pine.LNX.4.33.0205192031530.9857-100000@yakko.doogie.org> <[🔎] 87it5ja8bt.fsf@becket.becket.net> <[🔎] 20020520051008.GB16576@azure.humbug.org.au> <[🔎] 20020520141603.GB1505@celeron.dekkers> <[🔎] 20020520145256.GF29854@212.23.136.22> <[🔎] 20020520151349.GB25130@azure.humbug.org.au> <[🔎] 20020520173448.GI1505@celeron.dekkers> <[🔎] 20020520180124.GB11058@ucsd.edu> <[🔎] 87u1p21vkq.fsf@becket.becket.net> <[🔎] 20020520132531.B22215@lightbearer.com>

"Joel Baker" <lucifer@lightbearer.com> writes:

> Firewalling is *not* automatically a benefit, any more than having locks on
> your car is a benefit to prevent theft. You also need a key, and you need
> to *use* the locks... but if you're really trying to claim that the use of
> configured firewalling (even 'configured to defaults') is not useful to
> network security, then you are making an assertion that runs counter to the
> vast majority of both research and field experience on the topic.

Host-based firewalling is not a network firewall.

I would be interested in reading the research you refer to; can you
give me pointers?

I have never seen a firewall administered in a way which actually
improved security.  For example, where I am, there is a firewall that
blocks incoming TCP port 23 connections, on the grounds that this
improves security.  Of course, it does no such thing; telnetd can run
on any port you like.

However, I'm happy to agree that this is a feature some people want,
and therefore it's a good thing to provide.

John Robinson went further, however, saying that if it isn't provided,
the system can't be said to have any security at all.

Network firewalls in theory help with the problem of badly configured
hosts.  Host-based firewalls don't help that at all.

Thomas

-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: hurd does NOT need /hurd
  - From: Joel Baker <lucifer@lightbearer.com>
- Re: hurd does NOT need /hurd
  - From: Craig Dickson <crdic@pacbell.net>
- Re: hurd does NOT need /hurd
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>

References:
- Re: hurd does NOT need /hurd
  - From: Adam Heath <doogie@debian.org>
- Re: hurd does NOT need /hurd
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: hurd does NOT need /hurd
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: hurd does NOT need /hurd
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: hurd does NOT need /hurd
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: hurd does NOT need /hurd
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: hurd does NOT need /hurd
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: hurd does NOT need /hurd
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>
- Re: hurd does NOT need /hurd
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: hurd does NOT need /hurd
  - From: "Joel Baker" <lucifer@lightbearer.com>

Prev by Date: Re: where do NEW packages go?
Next by Date: Re: hurd does NOT need /hurd
Previous by thread: Re: Firewalling (was: hurd does NOT need /hurd)
Next by thread: Re: hurd does NOT need /hurd
Index(es):
- Date
- Thread