Re: Required firewall support
On Wed, 16 Mar 2005 20:39:48 -0700, Joel Aelwyn <fenton@debian.org>
wrote:
>* The first rule of securing a machine exposed to the wilds is "Deny by
> default, allow by need".
Which is pretty well accomplished by only running needed services. A
port without a services is an implicit "deny".
>Sorry, but being able to cope with a hostile environment *is* a requirement
>in today's network, and there isn't any real way around that fact.
I am routinely running systems without any packet filtering capability
on the network, and they are perfectly able to cope. They just only
accept network connections for needed services.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: