
Re: hurd does NOT need /hurd

"Joel Baker" <lucifer@lightbearer.com> writes:

> Firewalling is *not* automatically a benefit, any more than having locks on
> your car is a benefit to prevent theft. You also need a key, and you need
> to *use* the locks... but if you're really trying to claim that the use of
> configured firewalling (even 'configured to defaults') is not useful to
> network security, then you are making an assertion that runs counter to the
> vast majority of both research and field experience on the topic.

Host-based firewalling is not a network firewall.

I would be interested in reading the research you refer to; can you
give me pointers?

I have never seen a firewall administered in a way which actually
improved security.  For example, where I am, there is a firewall that
blocks incoming TCP port 23 connections, on the grounds that this
improves security.  Of course, it does no such thing; telnetd can run
on any port you like.

However, I'm happy to agree that this is a feature some people want,
and therefore it's a good thing to provide.

John Robinson went further, however, saying that if it isn't provided,
the system can't be said to have any security at all.

Network firewalls in theory help with the problem of badly configured
hosts.  Host-based firewalls don't help that at all.

