Date: Thu, 20 Sep 2001 16:50:26 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: David Kirchner <davidk@accretivetg.com>
Cc: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>, security@FreeBSD.ORG
Subject: Re: NIMDA Virus (OT)
Message-ID: <Pine.BSF.4.21.0109201649300.86476-100000@ren.sasknow.com>
In-Reply-To: <20010920143246.O85958-100000@localhost>

David Kirchner wrote to Krzysztof Zaraska:

> On Fri, 21 Sep 2001, Krzysztof Zaraska wrote:
>
> > Some people say that web server(s) should not be allowed to initiate any
> > outbound connections (and especially to port 80) not necessary for normal
> > operations, so if they have all servers on a separate subnet (what makes
> > sense) they can just prohibit outbound HTTP from that network only. So
> > setting up a proxy is not necessary.
>
> Me, I just prefer to patch the holes instead of hiding behind filters. ;-)

Amen to that. Even better, though, is patching the holes AND hiding behind
filters ;-) (i.e., two components of the much talked about layered approach
to security).

- Ryan

--
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message