[plug] Security

[Christian]

Greg Mildenhall wrote:
> 
> On Wed, 16 Jun 1999, Christian wrote:
> > John Summerfield wrote:
> > > For added security you can also firewall yourself with ipchains (2.2
> > > kernels and patched 2.0) or ipfwadm (2.0 only). May require you
> > > rebuild your kernel with the firewall support.

> > It's questionable whether firewalling off non-existent services will
> > have any positive effect on the system's security.

> I think he's planning on firewalling services which do exist. There are
> plenty of things you might want running on your system, but not accessible
> from the outside world. A kernel packet filter or a tcpwrapper rule would
> work well for that.

My reading of Damion's original email was that he was using the machine
purely as a workstation and didn't feel that he needed to have many (if
any) network services running on it.  In which case, a firewall is a
nice "bunny rug" but little else.  Also, as John pointed out, CGI
scripts represent an avenue for attacking a system which your average IP
filtering firewall wouldn't help with (although in Damion's case he
quite possibly won't be running a web server in which case this is not
so relevant).  Either way, my original point was that in Damion's
situation a firewall is probably of little benefit.

Regards,

Christian.

-- 
Help me, I'm a prisoner in a Fortune cookie file!