On Sun, Apr 07, 2002 at 06:28:01PM -0400, Brian J. Murrell wrote:
> On Sun, Apr 07, 2002 at 03:33:23PM +0200, Henrik Nordstrom wrote:
> > 
> > A firewall who gives no access is very effective, but not likely to 
> > make you very famous as it also inhibits any communication to take 
> > place.
> 
> Understood.  But a firewall that takes "orders" as to what to open and
> close without and understanding of what it's for is next to useless.
> Firewalls are put in place precisely because OSes and applications
> cannot be trusted on the network.  To then give them the permission to
> modify the security policy as they wish makes them next to useless.

I totally agree.  Of course those 'orders' would need to go through some
firewall-admin defined policy, before hitting netfilter/iptables.

This is the job done by configuration of the upnp-daemon. 

> I disagree with this characterization.  I have seen nothing to suggest
> UPnP has anything to do with security but rather is about getting
> access through firewalls.  But this opinion is only based on what I
> have read here.  I have not read the UPnP spec.  Feel free to correct
> me if you know different.

My impression is also that upnp has not the goal of securing anything.

> Brian J. Murrell



-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

Attachment: msg00602/pgp00000.pgp
Description: PGP signature

Reply via email to