[lug] Firewall != Linux, Was -> Broadband

Nate Duehr nate at natetech.com
Wed Aug 2 11:45:29 MDT 2000

On Tue, Aug 01, 2000 at 04:16:30PM -0600, Chris M wrote:

> >> Bunk.
> >> 
> >> I've seen plenty of cracked Linux boxes at the sites of people who should
> >> know better. People I might even hire someday.
> > 
> > And why was that so? Because of a glitch/bug in the Linux code?
> A security hole.  wu-ftpd, sendmail, etc.  A modem connected to the computer
> in one case. Or a simple DoS, any number of things.  I mean the sky is truly
> the limit with so many knobs to turn and lock down.

Install RedHat.  Install NO services and minimal OS.  Run Bastille.
Close everything.  Start opening ports.  UNDERSTAND what you're doing. 
Not too hard.

> A Cisco will beat a Linux firewall for all around security any day.  I don't
> say this with any joy, I hate Cisco.

Not if misconfigured.

> "Some" of today's firewalls, not most. Just because I can get the same gas
> as A.J. Foyt doesn't mean I'm going to drive like he does.

OT: Richard Petty kicked A.J. Foyt's ass all the time.  :)

> So let's admit Linux isn't as good as a commercial firewall then, because
> the incidence of trouble (where trouble == firewall compromise) is far lower
> for commercial products since they do eliminate a large component of
> failure: human judgment and training.

So does Exchange... until you try running it in a 400 user environment.
Heh heh...
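A defender's check for the "close everything, start opening ports, understand what you're doing" step above, added here as an example and not part of the original thread: it compares the sockets a host is listening on against an explicit port allowlist and reports anything unexpected. The netstat-style sample, the function names and the allowlist are constructed assumptions.

```shell
#!/bin/sh
# Audit listening sockets against an explicit allowlist. Input is the
# "Proto Recv-Q Send-Q Local Address ..." table that `netstat -ltun` prints.
# SAMPLE_NETSTAT below is a constructed sample, not a capture from a real host.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# unexpected_listeners NETSTAT_TEXT "PORT PORT ..."
# Prints "proto port" for every listener bound to a non-loopback address whose
# port is not in the space-separated allowlist. Loopback-only services are
# ignored because they are not reachable from the network.
unexpected_listeners() {
    netstat_text=$1
    allowed=" $2 "
    printf '%s\n' "$netstat_text" | awk -v allowed="$allowed" '
        $1 !~ /^(tcp|udp)/ { next }            # skip headers and non-socket lines
        $4 ~ /^127\./ || $4 ~ /^::1:/ { next } # loopback-only, not exposed
        {
            port = $4
            sub(/.*:/, "", port)               # keep text after the last colon
            if (index(allowed, " " port " ") == 0) print $1, port
        }'
}

# audit_listeners NETSTAT_TEXT "PORT PORT ..."
# Returns 0 when only allowlisted ports are exposed, 1 otherwise (listing them).
audit_listeners() {
    found=$(unexpected_listeners "$1" "$2")
    [ -z "$found" ] && return 0
    printf 'unexpected listeners:\n%s\n' "$found" >&2
    return 1
}
```

On a real host run it as `audit_listeners "$(netstat -ltun)" "22 80"` (or feed it `ss -ltun` output with the same column layout); a non-zero exit means something is listening that was never consciously opened.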

