Re: Debian secure by default?

[Ron Johnson <ron.l.johnson@cox.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/25/08 14:03, Paul Johnson wrote:
> On Saturday 24 May 2008 04:19:20 pm Todd A. Jacobs wrote:
>> On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:
>>> I see no advantage to host-based firewalls that couldn't be better
>>> served by a router doing filtering at the edge of the network.
>>> There's no reason to expose machines directly to the internet.
>>
>> Internal threats? A compromised host? Lazy sysadmins? Ignorant users?
>> How would your perimeter security help there?
> 
> You can't solve social problems with technological means effectively.  Odds 
> are, if they're on your internal network and you consider them a security 
> threat, you have deeper security problems than can't be solved short of door 
> locks and ensuring nobody outside can get a connection.

What Todd is referring to is Defense In Depth, i.e. a layered defense.

- --
Ron Johnson, Jr.
Jefferson LA  USA

ESPN makes baseball players better.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIObpzS9HxQb37XmcRAjegAJ42pwUH86p6nTJRGuqSXL8wX3RVYwCgztzV
4eikYvGEeduMkPn/ih5EYaY=
=EIxf
-----END PGP SIGNATURE-----