On Wed, 4 Feb 2004 16:08:57 -0800 (PST), Alvin Oga <[EMAIL PROTECTED]> wrote in message <[EMAIL PROTECTED]>:
> hi ya jens
>
> On Wed, 4 Feb 2004, Jens Simmoleit wrote:
>
> > The best thing to tighten up your network is a firewall...........
> > try this one I use it here for customers. It's free it's (not really
> > :-) fun and it's reliable, never had any trouble with it. Easy to
> > maintain, just great........... works with ip tables
>
> yes and no ...
>
> i think that most people do not treat a fw any differently than a dns,
> web, mail, insecure box

..those are not _in_ ipcop, they _can_ be put in its DMZ for public use, or in the lan for internal-only use. Details in http://ipcop.org/

> what is the difference between each server ??
>     dns ------ runs [chroot] bind
>     mail ----- runs your mta ( sendmail, exim, qmail, .. )
>     pop ------ runs secure in.popd
>     web ------ runs apache
>     firewall - runs iptables
>     ...
>
> same os, same gcc, same xxx apps, same yyy libs, ....

..no compiler in ipcop. ;-)

> all other apps and exploits and vulnerabilities are the same with
> or without the firewall ..

..true. And all easy prey with everything on the same box.

> what good is the firewall ??? it allows the cracker in
> from the cracked home pc or sniffed wireless traffic
>
> the "computer/resources security policy" is 10x more important than a
> firewall ??
>
> my stance is ... "assume they have root access" .. now protect what
> you want to protect in that supposedly secure network that they not
> supposed to be watching/sniffing/cracking into

..so look boring, pretend to be a wintendo or something boring but normal, give'm one box at the time, and prep back-ups, tarpits and jails are optional, or make'm "Yahoo, got it! What? Fuck, it's gone!".

> weigh all that against the costs of loss of data ... or loss
> or productivity or people not being able to work for 2-3 days
> while forensics is being done

..is _why_ you want it all on separate boxes. ;-)

--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.