Re: Debian secure by default?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/25/08 14:03, Paul Johnson wrote:
> On Saturday 24 May 2008 04:19:20 pm Todd A. Jacobs wrote:
>> On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:
>>> I see no advantage to host-based firewalls that couldn't be better
>>> served by a router doing filtering at the edge of the network.
>>> There's no reason to expose machines directly to the internet.
>>
>> Internal threats? A compromised host? Lazy sysadmins? Ignorant users?
>> How would your perimeter security help there?
>
> You can't solve social problems with technological means effectively. Odds
> are, if they're on your internal network and you consider them a security
> threat, you have deeper security problems than can't be solved short of door
> locks and ensuring nobody outside can get a connection.
What Todd is referring to is Defense In Depth, i.e. a layered defense.
- --
Ron Johnson, Jr.
Jefferson LA USA
ESPN makes baseball players better.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIObpzS9HxQb37XmcRAjegAJ42pwUH86p6nTJRGuqSXL8wX3RVYwCgztzV
4eikYvGEeduMkPn/ih5EYaY=
=EIxf
-----END PGP SIGNATURE-----
Reply to: