Pardon me if this had already been stated, as I am drowning in the
replies, but it has always been my experience that a firewall should have
absolutely nothing on it that does not *need* to be there for the
firewall to do its job.
IMHO, a firewall does not fit into the class of servers. Server teams
that audit other machines should not attempt to use standard policies on
these firewalls. My personal opinion in the matter is that perl does not
asasist the firewall in running. It is a tool that will be used for
auditing the machine or performing other tasks that are not related to
the task at hand, that being keeping unauthorized traffic out of your
secure network.
>(It would run some system audit routines, bring it in line with the rest
of the internal unix systems.)
This statement, to me, says it all. "...bring it in line with the rest of
the internal unix systems." I would caution against exactly that. Keep
the firewalls in their own line. Lock them down, install only what is
absolutely necessary, and give access only to those who absolutely need
to be on *that box*. The last thing you want to have to worry about is
who is doing what on your firewalls.
-Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
