On 7/25/05, Siju George <[EMAIL PROTECTED]> wrote: > Hi all, > > how much truth is actually in this article??? > http://www.securitypipeline.com/165700439
Bla bla bla firewalls are dead bla bla bla defense in depth bla bla bla. Ultimately the good points the author makes are 1) you really should be securing everything up to the end host 2) you need to use "defense in depth". Neither of these should be a surprise to anyone here. Run pf to drop packets you don't need to see. Turn off un-needed network services. Make your daemons drop privileges they don't need. Use cryptography. Use exploit mitigation techniques. Validate input. Use APIs designed for security. Write good clean, understandable code. All of these bring a different asset to the table. If you've got a bunch of easy-to-use security technologies, why would you not use them... While the previous list assumes OpenBSD, a suitable list of hardening practices is probably available for the platform/application of your choice. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
