On Tue, 30 Jul 2002 at 09:51:19AM +0200, Giacomo Mulas wrote: > 3) if you do need them (e.g. you need to export NFS file systems) restrict > access to all of these relatively fragile services to trusted hosts, using > hosts.allow, hosts.deny and/or firewalling. > On his point I would like to add that I encourage everyone I talk to to involk a strong filtering system on any Linux system directly accessable from the net. I also encourage it on systems that are not directly accessable. Internal hosts can always get compromised. A strong firewall ruleset will DROP everything and allow only what is needed.
Regards, -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
