> You can disagree with this approach. However, in my 10+ experience > setting up security gateways for Internet traffic (mostly for > HTTP/FTP/SMTP) I've seen only a few vulnerabilities in the gateways > themselves. Many of the gateways I have deployed are either network > appliances with a Common Criteria certification (see
So you have had vulnerabilities for 10 years in systems exposing all users to them for ten years and guess what, you still have. In my 10+ years I haven't. I shall stick to disagreeing along with snort.org but admit this is widely done even on firewalls themselves. I do some scanning for exploits even but for information in an isolated way as snort.org strongly recommends and not active re-action. P.s. That's not defense in depth. If you had defence in depth worth mentioning then you wouldn't need Antivirus. Of course I am sure those decisions are out of your hands and so I am not criticising you and I am sure your network is more secure than most, just stressing my opinion. The part about hacking tools was mentioned in case the whole server was blocked rather then a few packages. > In my organisation (and I know we are not alone here), Many run polkit, sudo, dbus-launcher, Windows. Some like me run just sudo. I'm not alone either. I read just the other day that Cambridge Uni's production policy is to only allow sudo for priviledge granting. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/25401.28226...@smtp130.mail.ir2.yahoo.com
