Re: idea for improving security

To: debian-security@lists.debian.org
Subject: Re: idea for improving security
From: Hans Spaans <debian-security@lists.hansspaans.nl>
Date: Wed, 7 May 2003 23:23:22 +0200
Message-id: <20030507212322.GB24613@sch01r01.nexit.nl>
In-reply-to: <20030507092716.GB1300@mould.vormig.net>
References: <3EB7F9DC.2000501@iit.edu> <20030506231404.GB6778@mould.vormig.net> <20030507054018.GC6368@sch01r01.nexit.nl> <20030507092716.GB1300@mould.vormig.net>

On Wed, May 07, 2003 at 11:27:16AM +0200, Tim van Erven wrote:
> On Wed, 07/05/2003 07:40 +0200, Hans Spaans wrote:
> > 
> > How are you going to handle firewalls and stuff? This because you need
> > to accept traffic for those ports.
> 
> You always need to let the trigger through your firewall.  It's just
> easier and less of a custom hack if it's sent on a single port.

Something like Cisco CBAC maybe, but you don't want that performance
wise. But back to the original suggestion, I think its better protect
that one service better by for example using IPsec and strong
authentication then using some obscure way of authentication that
opens extra services and changes firewalls runtime.

A little voice inside tells me that you don't want that ;-)

-- 
Hans

Reply to:

References:
- idea for improving security
  - From: Mark Edgington <edgimar@iit.edu>
- Re: idea for improving security
  - From: Tim van Erven <tve@vormig.net>
- Re: idea for improving security
  - From: Hans Spaans <debian-security@lists.hansspaans.nl>
- Re: idea for improving security
  - From: Tim van Erven <tve@vormig.net>

Prev by Date: Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Next by Date: Re: Have I been hacked?
Previous by thread: Re: idea for improving security
Next by thread: Re: idea for improving security
Index(es):
- Date
- Thread