Anthony Towns <[email protected]> writes:

> No, that's not the case. If I have faith in the reliability of the
> service in normal use, but none in its security, I ensure that it's only
> accessible by *people* I have faith in. I can do that with firewalling
> tools.

The general use of firewalling that I think has some sensibility is when you have a network administrator who is administratively separate from the people in the network, and in which the network administrator trusts the people in his network not to be malicious, but he doesn't trust them to be good security administrators. In that case, he can block ports which are commonly used to violate badly configured machines behind his network. This doesn't help at all against the person behind the firewall who just runs services on a different port, or sets up firewalls, and the like; hence the qualification that he must still trust them not to be malicious.

"Firewalling" on a single host is mostly a way to cheaply fix a bunch of problems rather than fixing them one at a time. It's not inherently necessary if the other things don't already have gobs of bugs.

In any case, none of this is anywhere near the most important obstacles keeping the Hurd from Prime Time. Way, way, way down on the list.

> Because I'm not talking about defaults. Nor am I talking about things that
> everyone will be compelled to use. I'm talking about features that *must*
> be made available for me to be able to look someone in the eye and say
> "Yes, Debian GNU/Hurd 3.1 is ready for your use."

I think that depends on who the "you" is that you are talking to, and it's misguided to think the answer must be the same for everyone.

Thomas

