
Re: Required firewall support

On Wed, 16 Mar 2005 20:39:48 -0700, Joel Aelwyn <fenton@debian.org> wrote:
>* The first rule of securing a machine exposed to the wilds is "Deny by
>  default, allow by need".

Which is pretty well accomplished by only running needed services. A
port without a service is an implicit "deny".

>Sorry, but being able to cope with a hostile environment *is* a requirement
>in today's network, and there isn't any real way around that fact.

I am routinely running systems without any packet filtering capability
on the network, and they are perfectly able to cope. They just only
accept network connections for needed services.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
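
An added example, not part of the message above: one way to check that a host accepts connections only for needed services is to compare its listening TCP sockets with a list of needed ports. The `ss -H -tln` output below is constructed, and `NEEDED_PORTS` is an assumed policy for a host that should expose SSH only.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:8080 *:*
"""

NEEDED_PORTS = {22}  # assumption: SSH is the only needed service on this host


def parse_listeners(ss_output):
    """Return (address, port) for every listening TCP socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 addresses stay intact.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    if addr == "*":  # wildcard bind: every address, both families
        return False
    addr = addr.split("%")[0]  # drop an interface scope such as %lo
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, needed_ports):
    """Network-reachable listeners whose port is not on the needed list."""
    return sorted({(a, p) for a, p in parse_listeners(ss_output)
                   if not is_loopback(a) and p not in needed_ports})


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS, NEEDED_PORTS):
        print(f"unneeded service listening on {addr}:{port}")
```

On a live host, feed the real output of `ss -H -tln` to `unexpected_listeners` instead of the sample; an empty result means every network-reachable TCP port belongs to a needed service.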
