Re: secure installation
On Thu, 16 Aug 2007 16:49:36 -0700
Russ Allbery <rra@debian.org> wrote:
[snip]
> Firewalls are good in the situation where, whenever you open up new
> network access, you want to have to make that choice independently in
> multiple locations. I'm dubious that this matches the desires of the
> average user or that forcing them to do this will really result in more
> security as opposed to further training to just always click Okay. It's
> great for administrators who want paranoid control over such things.
I'm no security expert, but I would suggest that a benefit of
'Personal' firewalls is the provision of a simple, systematic way of
restricting access to services. Yes, many apps offer some way of doing
this, but remembering each one's different method of doing this can be
a headache. I suppose one really should, for maximum security, but I
think there's still benefit in a simpler, consistent system.
Additionally, not all apps do this the same way; for example, sshd can
be configured to bind to a specific IP address, but what if the address
is unknowable in advance? Can it be limited to a specific interface,
as can be accomplished with a firewall? Even if the answer is yes, my
point about simplicity remains.
I may be off base here; I'm just expressing my (limited) understanding
of the issue.
> Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: