[Dshield] Secure computing (was: Port 135)
mark.rowlands at minmail.net
Tue Oct 29 22:07:35 GMT 2002
> It is more analogous to a hotel and apartment building. The lobby and
> halls may be wide open, but you still have individual locks on every
> room, and visitors can knock on individual rooms. However, if you
> want the firewall approach, then the visitor must buzz the room, and
> the person in room must buzz the main entrance door open to even get
> in the building.
The Republican Society for the Prevention of Abuse of Analogies would like to
state its repugnance at the constant overuse of the open door, knocking on
open windows, barking at the moon analogy.... it is high time it was retired
and allowed to go and have a nice sleep in a quiet corner.
What is legal and what isn't is defined quite simply by the laws in your
local political unit of control, be that state, Federal republic or in my
case Raving Megalomaniacal Dictatorship. If it don't say it is illegal, it
ain't. It may be against your ISP's AUP, it may be rude or tasteless behaviour
but unless an applicable law says it is illegal....
As to the relative desirability of firewalls / router policies etc, this is a
purely resource based decision. How you determine the tradeoffs in terms of
time / hardware / convenience can only ever be a personal judgement based
around your user communities' needs and desires (not always the same thing
btw) and your perception of the risks involved.
It may be your opinion that everyone should have a firewall, but that is all
it is, your opinion and I may well have a commercial reason for not doing so
and in the Raving Megalomaniacal Dictatorship, we don't do stuff until we got
a sound commercial / legal reason for doing so.
For example I am currently working on a network where every machine has filter
based rulesets on every interface detailing specifically which hosts /
networks may talk with each other and on which ports. Every single
unnecessary binary has been stripped out and there are centralised encrypted
logs for just about everything flying about. But there is a valid commercial
reason for it, the customer isn't doing it because he wants to be a nice
I have another customer where there is virtually no protection, but the
judgement there is that the money is better spent on locking up the toolshed
and making sure the drinks cabinet is kept well stocked....
written with love from behind a freebsd ipfw firewall and a generally liberal