At 15:18 07/05/01 +0530, Devdas Bhagat wrote:
>On Mon, 07 May 2001, Alvin Oga spewed into the ether:
> > there are secure'd linux versions..
> > for bsd.. i hear netBSD is the most secure of the bsd family ??
>OpenBSD.
NetBSD.
if you get back, we'll get back too:)
> > firewalls should only run basic functions + ipchains???
> > - some say add dns too ??? but.... good and bad idea...
>Huh? What basic functions?
>ssh, and ipchains. Firewalls should *not* use DNS.
Huh? we probably don't read the same bible:)
Firewalls should do their job, period. There is no god claiming that DNS
is Satan and that Sendmail is eveil. It all depends on the situation, and
it all depends on the configuration.
>Folks, please note that any system is only as secure as its
>administrator makes it. If anyone is more comfortable with Linux than
>BSD, he/she will never be able to make an OpenBSD machine more secure
>than a Linux box.
To tell you the truth, I'm more conformtable with a switch. I'm seriously
asking why
to use a FW? a switch is just easy to admin, to config:)
Security is not about comfort. It's about security.
>It may take more work to secure a Redhat machine than an OpenBSD one,
>but that is a one time effort (ignoring patches), but if the
>administrator is not confident about handling OpenBSD properly, then
>he/she should not do so.
If the amdin is not comfortable with a product that is supposed to secure
his site,
be it BSD, PIX, FW9, or anything else, then he should go to the beach and
let more
"comfortable" people do the job. That'll make everyone happy...... and the
job done.
If I find a single admin who can say, seriously, that he has problems
administering
a *BSD host, then I'll promiss you something: He'll feel the sound of my
hand over
his face. Those who claim he aren't comfortable with BSD are the same guys
who yesterday
used to say they are better with NT cos' it's just a click in the ass. Now,
networking isn't
a click&eat-a-pizza game. It's about competency, learning, understanding, ...
If you're too stupid, get out of the way. get back to your .bat scripts
(I'm not talking to
"you". I'm talking to any guy who corresponds to the description. so don't
think this
is against you).
> Production systems are too valuable to risk like that.
You're not defending valuable security devices, you're defending the
valuable stock
options of redhat:)
>The moon may be smaller than Earth, but it's further away.
*BSD may be less used than linux, but it's somewhere (I'll resist the
temptation to say "further away",
to avoid silly flame wars...)
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
