Re: Debian secure by default?
On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:
> I see no advantage to host-based firewalls that couldn't be better
> served by a router doing filtering at the edge of the network.
> There's no reason to expose machines directly to the internet.
Internal threats? A compromised host? Lazy sysadmins? Ignorant users?
How would your perimeter security help there?
To paraphrase Bruce Schneier, security is what you get when you
anticipate how things can *fail*, not how they are supposed to work
under optimal conditions.
Firewalls are useful for solving certain classes of problems. If they
don't solve *your* problems, that doesn't make them useless.
--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"
Reply to: