Date: Sat, 17 Mar 2001 18:15:28 -0600
From: Mike Meyer <mwm@mired.org>
To: richard childers <fscked@pacbell.net>, "Dave VanAuken" <dave@hawk-systems.com>
Cc: questions@freebsd.org
Subject: Re: FreeBSD Firewall vs. Black Ice
Message-ID: <15027.65056.301984.329264@guru.mired.org>
In-Reply-To: <85007078@toto.iv>

Dave VanAuken <dave@hawk-systems.com> types:
> A wise use of FreeBSD vs a hardware based firewall solution is to have
> the box performing additional tasks... then I could justify the box.

I would call that a foolish use, not a wise one. A box is only as
secure as the least secure service it offers. Putting multiple
services on one box lowers the security of all but one of those
services. So either your "additional tasks" are now only as secure as
your firewall, or your firewall is only as secure as those
services. Neither of these situations is desirable.

richard childers <fscked@pacbell.net> types:
> It is generally a rule of thumb amongst mechanical engineers that there is a
> direct proportion between the number of moving parts in a given device and
> the probability that it will cease working as a result of these moving parts.

Among EEs of my acquaintance, the rule is applied to parts, not simply
moving parts. I once had one decide that a wall socket for the
ethernet was a bad idea, because it was an additional failure
point. So they didn't use any...

> ('The Screensavers'. What is this? The made-for-TV action drama based on the
> fish tank? :-)

It's a video advice column for the cpulost.

	<mike
--
Mike Meyer <mwm@mired.org>
http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message