On Wed, Mar 16, 2005 at 07:50:13PM -0800, Thomas Bushnell BSG wrote:
> Joel Aelwyn <fenton@debian.org> writes:
>
> > * SCC systems have buildds.
> >
> > * Buildds must be network accessible.
> >
> > * The first rule of securing a machine exposed to the wilds is "Deny by
> > default, allow by need".
>
> Exactly which firewalling are the existing buildds doing? (I'm asking
> for information; if you don't know, then you don't know.)
For buildds, since I don't run one as either local or DSA admin, I couldn't
tell you offhand. I know what I'd *expect* them to be doing, as general
guidelines, which closely resembles what I do on servers I deploy facing
the net, but I don't know what they *are* doing.
I have no particular reason to believe that they aren't running a sane set
of firewalling rules; in fact, I would assume that they are, but I don't
feel impolite enough to annoy someone's HIDS log with random checking.
I also wouldn't expect details to be posted to the list; while security
through obscurity is not *sufficient*, there are times when it is *useful*.
--
Joel Aelwyn <fenton@debian.org> ,''`.
: :' :
`. `'
`-
Attachment:
signature.asc
Description: Digital signature