Re: Which would you choose? -reply

Aaron C. Springer Sun, 23 Apr 2000 18:26:58 -0700
mmm... you read it, I have read it.. and I have been root on most commercial
firewalls...

Aside from a couple of small details OpenBSD IS safe from remote expliots
with the default install.

You didn't say which OS is more secure out of the box..

acs

On 23-Apr-00 [EMAIL PROTECTED] wrote:
> You know, I just went through this with another person on the list.  Here 
> we go, ipfilter gives some security, but there are soem necessary steps 
> one must take to harden OpenBSD, that is not on by default.
> 
> Please read Chapter 4,5,6 of Building Internet Firewalls, and refer to the 
> "Ultimate Firewall" by Marcus Ranum  :)
> 
> /m
> 
> 
> 
> 
> "Aaron C. Springer" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 04/23/00 02:51 PM
> 
>  
>         To:     [EMAIL PROTECTED]
>         cc:     [EMAIL PROTECTED], [EMAIL PROTECTED], Jochen
> Kaiser 
> <[EMAIL PROTECTED]>, [EMAIL PROTECTED], 
> firewall list <[EMAIL PROTECTED]>, Ron DuFresne 
> <[EMAIL PROTECTED]>
>         Subject:        Re: Which would you choose? -reply
> 
> 
> Oh really?  When is the last time you looked?
> 
> Turn on ipfilter and what else?
> 
> What is more secure out of the box?
> 
> acs
> 
> 
> 
> On 23-Apr-00 [EMAIL PROTECTED] wrote:
>> Sorry OpenBSD is not secure by default, look again.. :(
>>
>> /m
>>
>>
>>
>>
>> "Aaron C. Springer" <[EMAIL PROTECTED]>
>> 04/22/00 07:50 AM
>>
>>
>>         To:     [EMAIL PROTECTED]
>>         cc:     [EMAIL PROTECTED], [EMAIL PROTECTED], 
> Jochen
>> Kaiser
>> <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
>> firewall list <[EMAIL PROTECTED]>, Ron DuFresne
>> <[EMAIL PROTECTED]>
>>         Subject:        Re: Which would you choose? -reply
>>
>>
>> That is almost not needed if you choose OpenBSD... secure by default..
>>
>> and soon maybe FreeBSD too...
>>
>>
>> acs
>>
>> On 22-Apr-00 [EMAIL PROTECTED] wrote:
>>> Each operating system can be a serious risk if one decides to use it as
>> a
>>> perimeter device.  There is always something new to tune, harden,
>> disable,
>>> enhance on any given operating system.  Prior to installing a security
>>> application on top of the residing operating system.  Ask someone else
>>> within your group to cross-check your work..
>>>
>>> Disable everything, then only turn on what you may need.. :)
>>>
>>> /m
>>>
>>>
>>>
>>>
>>> Ron DuFresne <[EMAIL PROTECTED]>
>>> Sent by: [EMAIL PROTECTED]
>>> 04/22/00 11:00 AM
>>>
>>>
>>>         To:     Jochen Kaiser <[EMAIL PROTECTED]>
>>>         cc:     [EMAIL PROTECTED], [EMAIL PROTECTED],
>> firewall
>>> list
>>> <[EMAIL PROTECTED]>
>>>         Subject:        Re: Which would you choose?
>>>
>>>
>>> On Sat, 22 Apr 2000, Jochen Kaiser wrote:
>>>
>>>> oh my god. this will become a monsterthread :)
>>>
>>> that it will...
>>>
>>>         [SNIP]
>>>
>>>>
>>>> >
>>>> > Is Linux and ipchains/squid/TIS FWTK/etc a security risk?
>>>>
>>>> A linux out of the box always is. If you spend time and patch and 
> check
>>>> configurations and use it as a standalone computer for firewalling and
>>>> squid with no other user shell access, it may be usable.
>>>>
>>>
>>> As is solars, sgi, hp, you name em, all but perhaps openbsd and even a
>> few
>>> particular distributions of linux designed to be secure 'out of the
>> box'.
>>>
>>> The key point here is knowing yer OS and knowing in particular -=how to
>>> lock it down=-  It's been said here many times over, if you know an OS
>>> better then others, use that, even if yer talking linux, which can be
>> well
>>> suited to certain situations.
>>>
>>> Thanks,
>>>
>>> Ron DuFresne
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> "Cutting the space budget really restores my faith in humanity.  It
>>> eliminates dreams, goals, and ideals and lets us get straight to the
>>> business of hate, debauchery, and self-annihilation." -- Johnny Hart
>>>         ***testing, only testing, and damn good at it too!***
>>>
>>> OK, so you're a Ph.D.  Just don't touch anything.
>>>
>>> -
>>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> "unsubscribe firewalls" in the body of the message.]
>>>
>>>
>>> -
>>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> "unsubscribe firewalls" in the body of the message.]
>>
>>
>> _______________________
>> Aaron C. Springer
>> [EMAIL PROTECTED]
>> pgp key published
>> _______________________
>>
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
> 
> 
> _______________________
> Aaron C. Springer
> [EMAIL PROTECTED]
> pgp key published
> _______________________
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]


_______________________
Aaron C. Springer
[EMAIL PROTECTED]
pgp key published
_______________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Re: Which would you choose? -reply

Reply via email to
