Re: KDE 4.2 requires local MySQL Server

Tim wrote:
> On Wed, 2009-02-18 at 18:59 -0600, Arthur Pemberton wrote:
>> Because with a firewall up, an attacker would need to already have
>> access to the machine...
>
> Configuring services properly is security.  A firewall is a last ditch
> attempt to stop fire spreading throughout a system.  If you manage to
> bypass it, and people do (not to mention those who turn it off while
> trying to resolve some other problem, or configure one with gaping
> holes), then you can get into all the insecurely configured services.

Hardly a "last ditch attempt", Tim.  Even in the construction trade,
a firewall is an integral part of a building's design.  In the network
world, a firewall is just as integral along with VPNs, VLANs, passwords
and other mechanisms.  It's not an add-on.

There are some protocols or services that can't be secured in any other
way. Take NFS for example. Much of the data is flying around in
cleartext. I don't want my NFS stuff visible on the big, bad Internet
and a firewall prevents it.  There are devices (lots of switches,
routers, network-controllable power strips, etc.) that support telnet,
don't support something like ssh, and don't have "hosts.allow"-type
access restrictions.  How do you block outside interference with
those without a firewall?

Proper service configuration is crucial to security, but items such as
firewalls, deep packet inspectors, HIDS, NIDS, log inspections, security
updates to existing services and a host of other things are equally
important.  Stating that a firewall is a last ditch attempt is, well,
rather naive to say the least.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- I never drink water because of the disgusting things that fish do  -
-                                  in it.                            -
-                                                      -- WC. Fields -
----------------------------------------------------------------------
