From: Mike Meyer
Date: Sat, 17 Mar 2001 18:15:28 -0600
To: richard childers, "Dave VanAuken"
Cc: questions@freebsd.org
Subject: Re: FreeBSD Firewall vs. Black Ice
Message-ID: <15027.65056.301984.329264@guru.mired.org>

Dave VanAuken types:
> A wise use of FreeBSD vs a hardware based firewall solution is to have
> the box performing additional tasks... then I could justify the box.

I would call that a foolish use, not a wise one. A box is only as secure as the least secure service it offers. Putting multiple services on one box lowers the security of all but one of those services. So either your "additional tasks" are now only as secure as your firewall, or your firewall is only as secure as those services. Neither of these situations is desirable.

richard childers types:
> It is generally a rule of thumb amongst mechanical engineers that there is a
> direct proportion between the number of moving parts in a given device and
> the probability that it will cease working as a result of these moving parts.

Among EEs of my acquaintance, the rule is applied to parts, not simply moving parts. I once had one decide that a wall socket for the ethernet was a bad idea, because it was an additional failure point. So they didn't use any...

> ('The Screensavers'. What is this? The made-for-TV action drama based on the
> fish tank? :-)

It's a video advice column for the cpulost.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.