On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey <giles@xxxxxxxxxxx> wrote:
> On 06-12-2012 15:41, Les Mikesell wrote:
>> On Thu, Dec 6, 2012 at 9:13 AM, <m.roth@xxxxxxxxx> wrote:
>>>
>>> Disabling selinux, or at least setting it to permissive, I agree
>>> with.
>>> Turning down your firewall?! Anyone suggesting that is, IMO, either
>>> a)
>>> clueless, or b) a malware user/vendor trying to make life easier.
>>> Can
>>> anyone think of any other possibilities?
>>
>> Someone with good site and subnet-level hardware firewalling. And a
>> good feeling that all the bad guys are on the other side of the
>> firewalls.
>
> Filtering Inbound Firewalls are generally useless if the user of the
> system doesn't know what they're doing. A lot of intrusions these days
> are the result of inbound policy permitted traffic in causing someone to
> initiate an outbound connection that gets them hacked.
And you expect someone to be better at stopping this with iptables and
a 'howto' than dedicated hardware and vendor training/support?
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
