[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

On Thu, 16 Aug 2007 16:49:36 -0700
Russ Allbery <rra@debian.org> wrote:

> Firewalls are good in the situation where, whenever you open up new
> network access, you want to have to make that choice independently in
> multiple locations.  I'm dubious that this matches the desires of the
> average user or that forcing them to do this will really result in more
> security as opposed to further training to just always click Okay.  It's
> great for administrators who want paranoid control over such things.

I'm no security expert, but I would suggest that a benefit of
'Personal' firewalls is the provision of a simple, systematic way of
restricting access to services.  Yes, many apps offer some way of doing
this, but remembering each one's different method of doing this can be
a headache.  I suppose one really should, for maximum security, but I
think there's still benefit in a simpler, consistent system.
Additionally, not all apps do this the same way; for example, sshd can
be configured to bind to a specific IP address, but what if the address
is unknowable in advance?  Can it be limited to a specific interface,
as can be accomplished with a firewall?  Even if the answer is yes, my
point about simplicity remains.

I may be off base here; I'm just expressing my (limited) understanding
of the issue.

> Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to: