Robert Moskowitz wrote: > > I have seen attacks and mitigations that often never make it out to the > public, or make it out after we have worked with the vendors for weeks > to get patches before the S* hits the fans. I am particularly paranoid > about what may be exposed on a gateway/firewall while waiting for that > all so important patch. > > I don't like SME's laid back attitude to getting a 1st install patched, > for example. One 1st install, all services on the server MUST be blocked > until current updates are installed and configured, and only then opened. > > So, no, your explaination does not make me feel more comfortable. But > then as indicated, I am a hard one to make comfortable.... I could have missed something, but I don't recall any services being open on the external nic until you configure them. Are any? If you have a 1-nic setup they probably assume that something else is handling the firewalling. >> That's not particularly relevant - if you access from more than one >> location you might want to set up imaps access so all the messages are >> stored on the server and available through the hoard web interface if >> you aren't at you usual client(s). > > I was at the IETF when IMAP was brought out of CMU and standardized, I > know the beast all too well. Yeah, on R4 and you still can't count on a good notification mechanism, but it is usable. -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos