Return-Path: <linux-kernel-owner+willy=40w.ods.org@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id <S265136AbSJWRub>; Wed, 23 Oct 2002 13:50:31 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id <S265138AbSJWRua>; Wed, 23 Oct 2002 13:50:30 -0400
Received: from h66-38-216-165.gtconnect.net ([66.38.216.165]:60932 "HELO
	innerfire.net") by vger.kernel.org with SMTP id <S265136AbSJWRu2>;
	Wed, 23 Oct 2002 13:50:28 -0400
Date: Wed, 23 Oct 2002 13:56:39 -0400 (EDT)
From: Gerhard Mack <gmack@innerfire.net>
To: "Richard B. Johnson" <root@chaos.analogic.com>
cc: "Robert L. Harris" <Robert.L.Harris@rdlg.net>,
       Linux-Kernel <linux-kernel@vger.kernel.org>
Subject: Re: One for the Security Guru's
In-Reply-To: <Pine.LNX.3.95.1021023105535.13301A-100000@chaos.analogic.com>
Message-ID: <Pine.LNX.4.44.0210231346500.26808-100000@innerfire.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1544
Lines: 40

On Wed, 23 Oct 2002, Richard B. Johnson wrote:

>
> Of course the attack against Linux was "true". If you put a
> Linux machine (or Sun or whatever), on the outside of a firewall
> it may be attacked, therefore vulnerable to attack. And, if
> investors learned that you were so stupid as to put it outside
> a firewall, you might get sued by the investors. It's all perfectly
> true. It's a trick by liars that lie by telling irrefutable
> truths.

Actually at the place that just went bankrupt on me I had a Security
consultant complain that 2 of my servers were outside the firewall.  He
recommended that I get a firewall just for those 2 servers but backed off
when I pointed out that I would need to open all of the same ports that
are open on the server anyways so the vulnerability isn't any less with
the firewall.

Firewalls are another Security Consultant's lie and using them for
anything other than preventing outside connections to internal machines
and keeping certain DOS attacks outside the network is a waste of money.
To top it off they make admins feel safer so they are less likely to make
sure the machine is actually admined properly.

Never trust Security Consultants.

	Gerhard

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/