hi
opps...my mistake on openbsd as being more secure of the bsd variations
( just curious about secureBSD too )
and yes devdas, that i cant and wont try to make
bsd machines more secure... wont know all the intricacies
and will farm out that task if it becomes an issue
and i think linux boxes takes too much work to get it
reasonably secure... and to keep it secure...
guess thats why security is always a risk management based
on time and $$$ and resources and the weakest link...
i've heard the argument that dns should be part of the firewall
because ... to send email or web to foo.com ... it has to go
find the dns server first... than it will go to wherever its
directed ...thru the firewall next...
- and the problem is people like to attack the dns servers
- and you're lucky, it might have a backdoor into the lan...
- or whatever it might tell you...
have fun
alvin
On Mon, 7 May 2001, Devdas Bhagat wrote:
> On Mon, 07 May 2001, Alvin Oga spewed into the ether:
> > there are secure'd linux versions..
> > for bsd.. i hear netBSD is the most secure of the bsd family ??
> OpenBSD.
>
> > firewalls should only run basic functions + ipchains???
> > - some say add dns too ??? but.... good and bad idea...
> Huh? What basic functions?
> ssh, and ipchains. Firewalls should *not* use DNS.
>
> Folks, please note that any system is only as secure as its
> administrator makes it. If anyone is more comfortable with Linux than
> BSD, he/she will never be able to make an OpenBSD machine more secure
> than a Linux box.
> It may take more work to secure a Redhat machine than an OpenBSD one,
> but that is a one time effort (ignoring patches), but if the
> administrator is not confident about handling OpenBSD properly, then
> he/she should not do so. Production systems are too valuable to risk
> like that.
>
> Devdas Bhagat
> --
> The moon may be smaller than Earth, but it's further away.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
