
Re: Browser mode for nautilus



On Mon, Oct 27, 2008 at 2:49 PM, Lennart Poettering
<mzerqung 0pointer de> wrote:
> On Mon, 27.10.08 15:25, seth vidal (skvidal fedoraproject org) wrote:
>
>> If you'd like to have a CV-off with regard to security awareness and
>> actual experience maintaining and securing systems and networks, I'd be
>> happy to do so.
>>
>> Disabling firewalls on individual systems be they desktops or servers is
>> a BAD idea. Full stop.
>
> That is nonsense.
>
> Firewalls on a desktop make no sense, and David is right in that it is
> a relic and not much more. It's paranoia at best to keep this
> installed by default.
>
> Why are desktop firewalls wrong?
>
> 1) they are not dynamic. In times where laptops are constantly moving
>   between networks, with stuff like zeroconf or dynamically assigned
>   port numbers they would need to adapt dynamically to the
>   circumstances. However, right now they are a single system-wide
>   static rule table.
>

And for the most part that is pretty good for the desktop. Watching
the traffic I see at most cafes, the university network, etc.,
firewalls are still needed and not just for Windows boxes. And to be
honest the biggest set of penetration and problems that occur in the
world are from desktops. Break into the desktop, and use it as your
base for other desktops until you get to a server. So far this
semester I have dealt with several compromised systems; all were a)
Linux, b) no firewall, and c) desktops or printers with embedded
Fedora of all things. The Windows desktops have been running behind
the curve.

Why do I feel like I am reliving the 1990's desktop discussions of
"why are we using this privilege separation? it makes no sense, and
keeps causing my apps to not work! Answer: Run as root. It fixes all
problems."

In the end, the current firewall is a condom. It gets in the way, but
for a good reason. If you can trust your partner, then do what you
want; if you can't, then wear one.

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

