Date: Sat, 23 Mar 2002 05:29:59 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Cliff Sarginson <csfbsd@raggedclown.net> Cc: questions@freebsd.org Subject: Re: ipfw rules (was: Re: Advocacy help for CS professor) Message-ID: <20020323032958.GA59842@hades.hell.gr> In-Reply-To: <20020323003356.GQ4940@raggedclown.net> References: <1016835511.3c9badb74132e@webmail.neomedia.it> <20020322235100.GN4940@raggedclown.net> <20020323001642.GA55585@hades.hell.gr> <20020323003356.GQ4940@raggedclown.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2002-03-23 01:33, Cliff Sarginson wrote:
> On Sat, Mar 23, 2002 at 02:16:42AM +0200, Giorgos Keramidas wrote:
> > The countless examples of ipfw/ipfilter setups posted on the FreeBSD lists
> > might also help you :-)
>
> I know, but every firewall I have ever made has not worked.
> I think I have a blind spot. ...
> My firewalls either let villains in, or keep me out.
This is because firewalls are not the panacea of security. Security is not
a program, or a firewall, or a ruleset. Security is a process. A way of
thinking, and working on computers. You can have a firewall that blocks
everything, except for SSH, and then be hacked by the first script kiddie
when an update to OpenSSH comes out and you fail to update your ssh server
machines. You can have a firewall that blocks everything except for RSA
logins through ssh, and then leave a copy of your private keyring in the
floppy drive of a netcafe.
Firewalls are *not* enough...
Giorgos Keramidas FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr} http://www.FreeBSD.org/docproj/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020323032958.GA59842>