[rescue] Solaris security

David Passmore rescue at sunhelp.org
Sun Jul 29 12:18:56 CDT 2001


On Sun, Jul 29, 2001 at 12:23:33PM -0400, Brian Hechinger wrote:

> > users tend to punch nasty holes in them when they find them inconvenient.
> 
> uhm, you let anyone else touch your firewall rules?  not a chance. :)

To clarify, in any environment where technological measures are used to
prevent folks from doing unauthorized things like surfing the web at
work, instead of social measures, people tend to find ways around them. If
there is one port open on that firewall, just one, people will tunnel all
sorts of stuff through it. Proxies will be set up, etc. People will bypass
security in all sorts of interesting ways to get their work/play done, and
this tends to create more holes than would be there otherwise.

I advocate TCP wrappers over something like ipfilter for one reason; they
force you to think about things as services rather than as generic IPs and
port numbers. It's simpler too, which always helps. :)

David



