Phil Schaffner wrote:
On Thu, 2005-07-21 at 17:05 -0400, Tim Holmes wrote:
...
Hi phil -- the firewalls are shut off on all the machines -- we are
behind a hardware firewall and do not need the internal ones -- as a
result -- they do more harm than good
Well, that's not the problem, but a bit of unsolicited/OT advice. Good
security is built in layers. I'm behind a pretty robust center-level
firewall also, but learned the hard way that it is not impervious.
We've had several cases of bad guys getting through the main firewall
and running rampant on the machines inside (mostly those foolish people
that were not up-to-date on security patches, and/or Windoze boxes). I
run local firewalls on each machine I'm responsible for. I like
firestarter for the individual-machine firewalls. Makes it pretty
painless.
http://www.fs-security.com/
Phil
Well, experiences vary. One thing to remember is that every
unneeded line of code is another place for a defect to hide.
One of the things I continually had to hammer into the
engineers under my lead is "If a feature is not in the
requirements spec, then it shouldn't be in the code!"
Installing one or two programs for security may be prudent.
Installing 50 programs for security is asking for troubles.
Somewhere in between is where most people would settle.
Taking one or two drugs may be prudent.
Taking 50 is asking for drug interactions and troubles.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
