[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian secure by default?



On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:

> I see no advantage to host-based firewalls that couldn't be better
> served by a router doing filtering at the edge of the network.
> There's no reason to expose machines directly to the internet.

Internal threats? A compromised host? Lazy sysadmins? Ignorant users?
How would your perimeter security help there?

To paraphrase Bruce Schneier, security is what you get when you
anticipate how things can *fail*, not how they are supposed to work
under optimal conditions.

Firewalls are useful for solving certain classes of problems. If they
don't solve *your* problems, that doesn't make them useless.

-- 
"Oh, look: rocks!"
	-- Doctor Who, "Destiny of the Daleks"


Reply to: