On Mon, Oct 27, 2008 at 2:49 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> On Mon, 27.10.08 15:25, seth vidal (skvidal@xxxxxxxxxxxxxxxxx) wrote:
>
>> If you'd like to have a CV-off with regard to security awareness and
>> actual experience maintaining and securing systems and networks, I'd be
>> happy to do so.
>>
>> Disabling firewalls on individual systems be they desktops or servers is
>> a BAD idea. Full stop.
>
> That is nonsense.
>
> Firewalls on a desktop make no sense, and David is right in that it is
> a relic and not much more. It's paranoia at best to keep this
> installed by default.
>
> Why are desktop firewalls wrong?
>
> 1) they are not dynamic. In times where laptops are constantly moving
>    between networks, with stuff like zeroconf or dynamically assigned
>    port numbers they would need to adapt dynamically to the
>    circumstances. However, right now they are a single system-wide
>    static rule table.
>

And for the most part that is pretty good for the desktop. Watching the traffic I see at most cafes, the university network, etc., firewalls are still needed and not just for Windows boxes.

And to be honest the biggest set of penetration and problems that occur in the world are from desktops. Break into the desktop, and use it as your base for other desktops until you get to a server.

So far this semester I have dealt with several compromised systems; all were a) Linux, b) no firewall, and c) desktops or printers with embedded Fedora of all things. The Windows desktops have been running behind the curve.

Why do I feel like I am reliving the 1990's desktop discussions of "why are we using this privilege separation? it makes no sense, and keeps causing my apps to not work! Answer: Run as root. It fixes all problems."

In the end, the current firewall is a condom. It gets in the way, but for a good reason. If you can trust your partner, then do what you want.. if you can't then wear one.

-- Stephen J Smoogen.
-- BSD/GNU/Linux
How far that little candle throws his beams!
So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

--
Fedora-desktop-list mailing list
Fedora-desktop-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-desktop-list