Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Sep 2001 16:50:26 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        David Kirchner <davidk@accretivetg.com>
Cc:        Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>, security@FreeBSD.ORG
Subject:   Re: NIMDA Virus (OT)
Message-ID:  <Pine.BSF.4.21.0109201649300.86476-100000@ren.sasknow.com>
In-Reply-To: <20010920143246.O85958-100000@localhost>

next in thread | previous in thread | raw e-mail | index | archive | help
David Kirchner wrote to Krzysztof Zaraska:

> On Fri, 21 Sep 2001, Krzysztof Zaraska wrote:
> 
> > Some people say that web server(s) should not be allowed to initiate any
> > outbound connections (and especially to port 80) not necessary for normal
> > operations, so if they have all servers on a separate subnet (what makes
> > sense) they can just prohibit outbound HTTP from that network only. So
> > setting up a proxy is not necessary.
> 
> Me, I just prefer to patch the holes instead of hiding behind filters. ;-)

Amen to that. Even better, though, is patching the holes AND hiding behind
filters ;-)  (i.e., two components of the much talked about layered
approach to security).

- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0109201649300.86476-100000>