Ron Johnson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/25/08 14:28, Damon L. Chesser wrote: [snip]Employees running amok.What about when Spock runs amok? How will a firewall help?
of course, it will not, but that is what proper user permission/sudo config is all about. NOTHING will protect you against THE system admin going over to the dark side. But an internal firewall will stop the "casual" snooper looking for mischief. Of course, we all know, the more secure you make it, the less "user friendly" and usable it is. Lines must be drawn, decisions made, policies/trade offs accepted. As for "debian more secure by default", that is what the sys admin is for. You want firewalls stopping everything, set it up. You want box foo walled off, wall it off. (all this added just so we know what we disagree on). But working for a large business, you do have to take the staff into consideration (as a threat). That geek in sales, might have a grudge to bare. That is ALL I was commenting on. You MIGHT want to erect a firewall internally to protect server foo from him, you might not.
- -- Ron Johnson, Jr. Jefferson LA USA ESPN makes baseball players better. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIOcTjS9HxQb37XmcRAvTdAJ9IXtSOk9LRZs42Gz5L+XxUZfdgoACfQsxX mA2PGZKDdSgw9E+qIbRdckU= =cISa -----END PGP SIGNATURE-----
-- Damon L. Chesser damon@damtek.com http://www.linkedin.com/in/dchesser