You know, I just went through this with another person on the list. Here
we go, ipfilter gives some security, but there are soem necessary steps
one must take to harden OpenBSD, that is not on by default.
Please read Chapter 4,5,6 of Building Internet Firewalls, and refer to the
"Ultimate Firewall" by Marcus Ranum :)
/m
"Aaron C. Springer" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/23/00 02:51 PM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], Jochen Kaiser
<[EMAIL PROTECTED]>, [EMAIL PROTECTED],
firewall list <[EMAIL PROTECTED]>, Ron DuFresne
<[EMAIL PROTECTED]>
Subject: Re: Which would you choose? -reply
Oh really? When is the last time you looked?
Turn on ipfilter and what else?
What is more secure out of the box?
acs
On 23-Apr-00 [EMAIL PROTECTED] wrote:
> Sorry OpenBSD is not secure by default, look again.. :(
>
> /m
>
>
>
>
> "Aaron C. Springer" <[EMAIL PROTECTED]>
> 04/22/00 07:50 AM
>
>
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
Jochen
> Kaiser
> <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
> firewall list <[EMAIL PROTECTED]>, Ron DuFresne
> <[EMAIL PROTECTED]>
> Subject: Re: Which would you choose? -reply
>
>
> That is almost not needed if you choose OpenBSD... secure by default..
>
> and soon maybe FreeBSD too...
>
>
> acs
>
> On 22-Apr-00 [EMAIL PROTECTED] wrote:
>> Each operating system can be a serious risk if one decides to use it as
> a
>> perimeter device. There is always something new to tune, harden,
> disable,
>> enhance on any given operating system. Prior to installing a security
>> application on top of the residing operating system. Ask someone else
>> within your group to cross-check your work..
>>
>> Disable everything, then only turn on what you may need.. :)
>>
>> /m
>>
>>
>>
>>
>> Ron DuFresne <[EMAIL PROTECTED]>
>> Sent by: [EMAIL PROTECTED]
>> 04/22/00 11:00 AM
>>
>>
>> To: Jochen Kaiser <[EMAIL PROTECTED]>
>> cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> firewall
>> list
>> <[EMAIL PROTECTED]>
>> Subject: Re: Which would you choose?
>>
>>
>> On Sat, 22 Apr 2000, Jochen Kaiser wrote:
>>
>>> oh my god. this will become a monsterthread :)
>>
>> that it will...
>>
>> [SNIP]
>>
>>>
>>> >
>>> > Is Linux and ipchains/squid/TIS FWTK/etc a security risk?
>>>
>>> A linux out of the box always is. If you spend time and patch and
check
>>> configurations and use it as a standalone computer for firewalling and
>>> squid with no other user shell access, it may be usable.
>>>
>>
>> As is solars, sgi, hp, you name em, all but perhaps openbsd and even a
> few
>> particular distributions of linux designed to be secure 'out of the
> box'.
>>
>> The key point here is knowing yer OS and knowing in particular -=how to
>> lock it down=- It's been said here many times over, if you know an OS
>> better then others, use that, even if yer talking linux, which can be
> well
>> suited to certain situations.
>>
>> Thanks,
>>
>> Ron DuFresne
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> "Cutting the space budget really restores my faith in humanity. It
>> eliminates dreams, goals, and ideals and lets us get straight to the
>> business of hate, debauchery, and self-annihilation." -- Johnny Hart
>> ***testing, only testing, and damn good at it too!***
>>
>> OK, so you're a Ph.D. Just don't touch anything.
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>
>
> _______________________
> Aaron C. Springer
> [EMAIL PROTECTED]
> pgp key published
> _______________________
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
_______________________
Aaron C. Springer
[EMAIL PROTECTED]
pgp key published
_______________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
