Re: my isp is being told *i* am broadcasting spam?
Noah,
The more programs running on a computer, the less secure it is. A
firewall can run a mimimal system - see the LEAF project with deep Debian
roots. If you run a firewall running out of RAM then not only will it be
minimal, but no trojans can live beyond a reboot.
Of course no computer is invincible, but the idea behind firewalls is
valid and is as secure as the implementers have the time and knowledge to
stay one step ahead of the crackers.
I'll let you tell me how a browser session of an internal user is hijacked
and then we'll discuss the missing rule in the firewall.
I didn't claim that firewalls are a panacea, or a network can be trusted.
I will tell you that sendmail and the general issue of mail handling has
been and will continue to be a security issue. You can avoid some of
these problems by letting your ISP gather your mail which you later
retrieve with what ever program you want.
--
Sincerely,
David Smead
http://www.amplepower.com.
On Fri, 19 Apr 2002, Noah Meyerhans wrote:
> On Thu, Apr 18, 2002 at 09:42:06PM -0700, David Smead wrote:
> > That's why you run those services in a DMZ.
> >
>
> And what do you do when a security vulnerability arises in your firewall
> implementation? Or when an attacker is able to hijack a web browsing
> session by one of your internal users?
>
> The idea that firewalls are the panacea of network security is very
> dangerous. No network should be trusted, and firewalling off your
> little subnet is not going to change that.
>
> It's been said many times before: the only secure computer is one that's
> not plugged in.
>
> noah
>
>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: