[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hurd does NOT need /hurd

On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote:
> On Tue, May 21, 2002 at 11:56:48AM -0400, Nathan Hawkins wrote:
> > He's out of date WRT current practice. And some networks have more than 
> > one gateway, in which case it can be desirable to administer on the 
> > hosts with the relevent services.
> Wouldn't it be more secure to use two (or at least one) dedicated
> firewalls on each way out of the LAN?

Wouldn't it be more secure to audit every line of code in the kernel
and the entire distro on a daily basis? Probably, but we can't afford
it. Not everyone can afford dedicated firewall boxes either. Even if they
can, defense-in-depth would indicate that they should use a dedicated
firewalling on the server as well as a dedicated firewall box and access
control at the application level and whatever else they can arrange.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``BAM! Science triumphs again!'' 
                    -- http://www.angryflower.com/vegeta.gif

Attachment: pgp1Wv1H4OnDs.pgp
Description: PGP signature

Reply to: