Re: hurd does NOT need /hurd



begin  Jeff Bailey  quotation:

> On Tue, May 21, 2002 at 05:17:16PM +0200, SpyderMan wrote:
> 
> > Great, another compelling reason to ditch firewalling support.
> 
> Not at all, but someone who thinks that firewalling provides any
> reasonable measure of security hasn't been paying attention -
> corporate firewalls are breached on a regular basis.  If your network
> isn't inherently secure, slapping a firewall on the end isn't going to
> make it secure.

No network is inherently secure unless it's cut off from the outside
world. (And in the most literal sense, few networks are ever
_completely_ cut off -- they're usually accessible by sneakernet, if
nothing else.)

> Firewalling serves the purpose only of covering holes that shouldn't
> be there in the first place.

It sounds like you're living in a fantasy world in which all
vulnerabilities are known and can be protected against. Which is clearly
not what the real world is like. Holes exist for any number of reasons
-- machines that aren't under the network admins' control, bugs that
have not yet been publicized and patched (but which may be known to the
black hats), etc., etc. If you can add extra barriers to prevent or
limit the effect of exploits when other preventative measures fail, then
your network is a little more secure than it would be without those
barriers. Which is what firewalls are all about.

Of course, the firewall may fail too; but that's one reason among many
why a firewall, by itself, isn't a guarantee of complete security.

Craig
