On 21.10.2005, at 18:56, Morten Nilsen wrote:

> please read
> http://www.ranum.com/security/computer_security/editorials/dumb/
>
> it's much better to block everything, and then allow the things you know
> is ok

OK, I've read it, but sorry, you miss my point. My point was and is that I don't see the advantage of having DansGuardian when I don't have to filter network access for a bunch of minors. And I disagree with the "block everything" approach. That's the reason I can't work in my university. My university seems to be the only one where incoming video streams are blocked, b/c the system administrators do not work in the media department. That's why you have to make an IPsec connection from inside WLAN to a gateway host, b/c they don't know about other ways.

In a modern world of networks the networks aren't bad. (I insist.) The problems arise from the application level, so blocks have to be applied on the application level, b/c it would only take months (if not around already) for worms to pass through port 80 or even make their own SSL connection through internet exploder(!).

Don't misunderstand me, I can see your concerns, but what is harder to follow: all new network applications, and what kind of connections you need to stay in business, or to do what we focus on: make secure services and bring them out there first? I on my part construct services secure first and apply firewalls where needed, not the other way: close the building down, then open what is needed. That's so not what we apply socially. Networks still follow society, not the other way round. Popular things such as instant messaging, internet telephony, etc. would never have started off as they did if the inventors had to apply for an IANA port first, then tell the users they need it, and they talk to their administrators for allowance. We do not govern users, we serve them. To make business from the plan first is the one idea that didn't turn out well.

So no offense, back to the start: I see DansGuardian not as much as a security than a social software, and if I'm wrong feel free to prove me wrong, but don't start explaining that question with different security planning.

matthias

_______________________________________________
tsl-discuss mailing list
http://lists.trustix.org/mailman/listinfo/tsl-discuss
