[Dshield] Secure computing (was: Port 135)

Jan Johansson janj+dshield at wenf.org
Mon Oct 28 19:05:21 GMT 2002


On Mon, Oct 28, 2002 at 10:41:30AM -0600, Bob Savage wrote:
>I know this discussion is way over my head, but I don't
>understand the resistance here to using a firewall of some kind
>as part of the program.  I must be missing a basic concept.  Why
>would this be looked at differently in an educational
>institution?  Isn't it just common sense to put a lock on the
>door even in a school?

We do not use a firewall because we do not see the need to do so.
Implementing a firewall that is not needed costs money. We also
want to allow our students to experiment and try what they wish
as long as it doesn't hurt anyone.

There is also a war that, once under way, is very hard to stop.
If we start blocking the Windows ports, Joe User will not be able
to access his Windows shares that he has at home. This will make
Joe User try to find another way to do so. Here the war begins,
which ends with us having to pull the plug because of DDoS
attacks.

What you must have is full control of who does what. You must
also have the means to deny access to any user that misbehaves.
One tool for this is AuthPF[1].

[1] http://www.ualberta.ca/~beck/authgw.html
    http://www.openbsd.org/cgi-bin/man.cgi?query=authpf




