
Re: Just noise: Leaving



On Sat, 7 Mar 1998, Hubert Weikert wrote:

> Please don't expect that every user has the knowledge to
> - select the appropriate packages for a firewall
> - and to configure them.

In my experience firewalls need to have a competent administrator to be
and to provide security. They have to be targeted for the individual
security situation. In this case the point and click method does not work.

Debian systems come preconfigured for standard security situations AFAIK.
In situations where a Debian system is used as a router the issues are
different naturally.

> I also don't like to do always the same repeating tasks for every firewall
> installation. I want some of the tasks automated, I want to give parts of
> a firewall management to less knowledgeable administrators (like user
> management for proxies). I also want an auditable system, preferably an
> automatic auditing of the system setup against a formal description of the
> security policy.

Proxies are a no-no for me unless transparent. Firewalls have to be
transparent too. They are not ways to harass users. What I like so much
about Linux is that security measures are transparent and do not result in
major performance hits. You can use VPN measures if you need additional
security. Logging is also already excellent and I have repeatedly used it
to track down people trying to get into my network. A formal description
of the security policy??? Oh man what idealism. That is one of the issues
why I don't want to be on the list.

> The today best selling commercial firewall attracts with a graphical
> user interface. As a purist I don't like it, but this type of user
> interface is expected by the users. A firewall system without a
> colourful windows interface could not be a good firewall, it could be too
> complicated to set it up and to manage it. So the mind of decision makers
> in the industry.

So release a package that sets up a standard firewall (assuming a router
into a class C network) using the existing stuff. Should not be a big
issue and be done in an hour. And it gives people the same mistaken sense
of "firewall" protection as the commercial "solutions". There are
editors providing color and the classic dialog package will certainly prove
useful.

