KDE 4.2 requires local MySQL Server

Rick Stevens ricks at nerd.com
Thu Feb 19 17:43:21 UTC 2009


Tim wrote:
> On Wed, 2009-02-18 at 18:59 -0600, Arthur Pemberton wrote:
>> Because with a firewall up, an attacker would need to already have
>> access to the machine...
> 
> Configuring services properly is security.  A firewall is a last ditch
> attempt to stop fire spreading throughout a system.  If you manage to
> bypass it, and people do (not to mention those who turn it off while
> trying to resolve some other problem, or configure one with gaping
> holes), then you can get into all the unsecurely configured services.

Hardly a "last ditch attempt", Tim.  Even in the construction trade,
a firewall is an integral part of a building's design.  In the network
world, a firewall is just as integral along with VPNs, VLANs, passwords
and other mechanisms.  It's not an add-on.

There are some protocols or services that can't be secured in any other
way.  Take NFS for example.  Much of the data is flying around in 
cleartext.  I don't want my NFS stuff visible on the big, bad Internet
and a firewall prevents it.  There are devices (lots of switches,
routers, network-controllable power strips, etc.) that support telnet,
don't support something like ssh, and don't have "hosts.allow"-type
of access restrictions.  How do you block outside interference with
those without a firewall?

Proper service configuration is crucial to security, but items such as
firewalls, deep packet inspectors, HIDS, NIDS, log inspections, security
updates to existing services and a host of other things are equally
important.  Stating that a firewall is a last ditch attempt is, well,
rather naive to say the least.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- I never drink water because of the disgusting things that fish do  -
-                                  in it.                            -
-                                                      -- WC. Fields -
----------------------------------------------------------------------



