Noah,

The more programs running on a computer, the less secure it is. A firewall can run a minimal system - see the LEAF project with deep Debian roots. If you run a firewall running out of RAM then not only will it be minimal, but no trojans can live beyond a reboot.
Of course no computer is invincible, but the idea behind firewalls is valid and is as secure as the implementers have the time and knowledge to stay one step ahead of the crackers.

I'll let you tell me how a browser session of an internal user is hijacked and then we'll discuss the missing rule in the firewall.

I didn't claim that firewalls are a panacea, or a network can be trusted. I will tell you that sendmail and the general issue of mail handling has been and will continue to be a security issue. You can avoid some of these problems by letting your ISP gather your mail which you later retrieve with whatever program you want.

--
Sincerely,
David Smead
http://www.amplepower.com.

On Fri, 19 Apr 2002, Noah Meyerhans wrote:

> On Thu, Apr 18, 2002 at 09:42:06PM -0700, David Smead wrote:
> > That's why you run those services in a DMZ.
> >
>
> And what do you do when a security vulnerability arises in your firewall
> implementation? Or when an attacker is able to hijack a web browsing
> session by one of your internal users?
>
> The idea that firewalls are the panacea of network security is very
> dangerous. No network should be trusted, and firewalling off your
> little subnet is not going to change that.
>
> It's been said many times before: the only secure computer is one that's
> not plugged in.
>
> noah