oiaohm wrote: > mc2718 good secuirty is like a onion. You have layers. > > Firewall is only one layer. DAC permissions are another. MAC permissions are another. Physical controls are another. > > At the firewall layer I use single packet port knocking to open the ssh. So it is hidden most of the time. > > Also the least number of not security layers the better. Ie wine is a non secuirty layer. > > Always remembering any one layer could fail one day. Each layer reduces the risk or complete failure. > > Secuirty what got my fear of you mc2718. People from a windows background have the problem of putting too much faith in anti-viruses and firewalls. Where good secuirty from the Unix/Linux world teaches you not to depend on them. > > > Or doing a massive study for the CISSP/IASSP exam. I have to get this to keep my job. In any case, a firewall, with a host based security system can be and is a lot of fun. James McKenzie
