From: Nils Holland
Date: Tue, 23 Oct 2001 09:16:28 +0200 (CEST)
To: Julian Morgan
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: REQUEST FOR COMMENT
Message-ID: <20011023091049.L73295-100000@jodie.ncptiddische.net>

On Tue, 23 Oct 2001, Julian Morgan wrote:

> As a result they believe that it is better to get some certified
> hardware firewall that provider upgrades patches, instead of having a
> Unix product which is open source and requires patches all the time,
> updates on top of the usual monitoring, and dedicate a person to
> basically be on top of all seven sites all the time....

Hmmm, I have secured various networks using FreeBSD over the past years. Some of these old FreeBSD systems I have set up are still in use and have only been updated by critical security patches. I have not yet had to run to all the boxes I have set up three times a day because they "require patches all the time". It's actually the other way round: If some security hole is discovered, you can be sure that FreeBSD as an open-source system is amongst the first to release patches. Some of our hackers out there are always working - we don't have "business hours" like the commercial folks do.

Last but not least, I don't know why you complain about having to assign a person to monitor the FreeBSD boxes. If it comes to security, monitoring is the second most important thing, following right after "securing". There is no such thing as a "set it and forget it" solution for security, because one must always assume to be at risk.

Greetings
Nils

Nils Holland
Ti Systems - FreeBSD in Tiddische, Germany
http://www.tisys.org * nils@tisys.org