On Thu, 16 Aug 2007 16:49:36 -0700 Russ Allbery <[EMAIL PROTECTED]> wrote:

[snip]

> Firewalls are good in the situation where, whenever you open up new
> network access, you want to have to make that choice independently in
> multiple locations. I'm dubious that this matches the desires of the
> average user or that forcing them to do this will really result in more
> security as opposed to further training to just always click Okay. It's
> great for administrators who want paranoid control over such things.

I'm no security expert, but I would suggest that a benefit of 'Personal'
firewalls is the provision of a simple, systematic way of restricting
access to services. Yes, many apps offer some way of doing this, but
remembering each one's different method of doing this can be a headache.
I suppose one really should, for maximum security, but I think there's
still benefit in a simpler, consistent system.

Additionally, not all apps do this the same way; for example, sshd can be
configured to bind to a specific IP address, but what if the address is
unknowable in advance? Can it be limited to a specific interface, as can
be accomplished with a firewall? Even if the answer is yes, my point
about simplicity remains.

I may be off base here; I'm just expressing my (limited) understanding of
the issue.

> Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

