Re: KDE 4.2 requires local MySQL Server

Tim wrote:
> On Wed, 2009-02-18 at 18:59 -0600, Arthur Pemberton wrote:
>> Because with a firewall up, an attacker would need to already have
>> access to the machine...
>
> Configuring services properly is security.  A firewall is a last ditch
> attempt to stop fire spreading throughout a system.  If you manage to
> bypass it, and people do (not to mention those who turn it off while
> trying to resolve some other problem, or configure one with gaping
> holes), then you can get into all the unsecurely configured services.

Hardly a "last ditch attempt", Tim.  Even in the construction trade,
a firewall is an integral part of a building's design.  In the network
world, a firewall is just as integral along with VPNs, VLANs, passwords
and other mechanisms.  It's not an add-on.

There are some protocols or services that can't be secured in any other
way. Take NFS for example. Much of the data is flying around in
cleartext. I don't want my NFS stuff visible on the big, bad Internet
and a firewall prevents it.  There are devices (lots of switches,
routers, network-controllable power strips, etc.) that support telnet,
don't support something like ssh, and don't have "hosts.allow"-type
of access restrictions.  How do you block outside interference with
those without a firewall?

Proper service configuration is crucial to security, but items such as
firewalls, deep packet inspectors, HIDS, NIDS, log inspections, security
updates to existing services and a host of other things are equally
important.  Stating that a firewall is a last ditch attempt is, well,
rather naive to say the least.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- I never drink water because of the disgusting things that fish do  -
-                                  in it.                            -
-                                                      -- WC. Fields -
----------------------------------------------------------------------
