Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 23 Oct 2002 13:50:31 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 23 Oct 2002 13:50:30 -0400 Received: from h66-38-216-165.gtconnect.net ([66.38.216.165]:60932 "HELO innerfire.net") by vger.kernel.org with SMTP id ; Wed, 23 Oct 2002 13:50:28 -0400 Date: Wed, 23 Oct 2002 13:56:39 -0400 (EDT) From: Gerhard Mack To: "Richard B. Johnson" cc: "Robert L. Harris" , Linux-Kernel Subject: Re: One for the Security Guru's In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1544 Lines: 40 On Wed, 23 Oct 2002, Richard B. Johnson wrote: > > Of course the attack against Linux was "true". If you put a > Linux machine (or Sun or whatever), on the outside of a firewall > it may be attacked, therefore vulnerable to attack. And, if > investors learned that you were so stupid as to put it outside > a firewall, you might get sued by the investors. It's all perfectly > true. It's a trick by liars that lie by telling irrefutable > truths. Actually at the place that just went bankrupt on me I had a Security consultant complain that 2 of my servers were outside the firewall. He recommended that I get a firewall just for those 2 servers but backed off when I pointed out that I would need to open all of the same ports that are open on the server anyways so the vulnerability isn't any less with the firewall. Firewalls are another Security Consultant's lie and using them for anything other than preventing outside connections to internal machines and keeping certain DOS attacks outside the network is a waste of money. To top it off they make admins feel safer so they are less likely to make sure the machine is actually admined properly. Never trust Security Consultants. Gerhard -- Gerhard Mack gmack@innerfire.net <>< As a computer I find your faith in technology amusing. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/