Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Feb 2004 16:02:45 +0100 (CET)
From:      roberto@redix.it
To:        freebsd-security@freebsd.org
Subject:   Re: Question about securelevel
Message-ID:  <1287.192.168.0.77.1076511765.squirrel@mail.redix.it>
In-Reply-To: <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>
References:  <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>

next in thread | previous in thread | raw e-mail | index | archive | help

>
> On Feb 11, 2004, at 8:12 AM, roberto@redix.it wrote:
>
>> Could this configuration be considered secure, according to you?
>
> There's no way to determine that without some consideration of the
> threats you are facing.  Security considerations against simple attacks
> (e.g., kiddies) are a lot different than considerations against
> industrial espionage, against discovery by the secret police, and
> against very smart government spies.
>
> What are you protecting?  From whom?  At what cost?
>
> --Jim
>

You are right: I agree with you that security consideration can be
different depending on what to protect, from whom etc. And even a sigle
machine implementing a packet-filter is only a little part of a firewall
architecture.

But my discussion is trying to address the weakness I red about
securelevel into the mailing list archive.
Could securelevel+readonly file system result in a more secure O.S.?

Regards
Roberto

 _______________________________________________
 freebsd-security@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-security
 To unsubscribe, send any mail to
 "freebsd-security-unsubscribe@freebsd.org"





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1287.192.168.0.77.1076511765.squirrel>