
Re: Irresponsible user stories!



On Tue, 24 Apr 2007 19:29:37 +0200
Johannes Wiedersich <johannes@physik.blm.tu-muenchen.de> wrote:

> Celejar wrote:
> > I don't think that protecting Windows machines with firewalls and
> > shutting down services is particularly difficult.
> 
> But maybe more difficult than
> aptitude install <your favorite firewall>
> ;-)

Well, on this list our (including me) favorite firewall is Shorewall,
which requires rather more than that. Everyone always says that it has
great documentation, which it does, but the point is that you'll need
it. Moreover, you (or maybe just I :)) _will_ have headaches. For
example, I recently built a custom kernel and then found that I had no
network connectivity. Remembering that such problems are often related
to Shorewall, I checked its log and saw that it wasn't starting up (or
rather, that it was going into its 'stopped' state); I checked the log
and saw that some iptables modules that Shorewall was configured to use
weren't built, so I had to rebuild the kernel (I suppose I should have
just built the modules). I've had problems with enabling / disabling
NAT, and renaming interfaces. All these 'problems' were perfectly
solvable by consulting the docs and logs, but I'm not sure I would say
that installing and running Shorewall is simpler and / or easier than a
simple Windows firewall (more powerful, obviously). One might argue
that I'm comparing apples and oranges, and that I should really compare
Firestarter / Guarddog / Guidedog to the Windows GUI firewalls. I once
tried Firestarter and Guarddog, but it was some time ago, and I don't
have much to say about them.

> The point in this particular case is that this computer lab apparently
> does not apply security patches regularly and does not protect their
> systems from someone entering the room and installing a new OS of their
> liking on any computer; thus encouraging abuse of any kind.
> 
> Protecting their machines with firewalls and shutting down services is
> only about the final step required to improve security along a much
> longer journey...
> 
> Johannes

I agree, of course. I was just commenting that Windows was not as bad,
in this respect, as the earlier poster seemed to suggest. The bad admin
habits you mention are OS-independent.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


