filtered ports
Tim Lyons
tlyons at digitalvoodoo.org
Fri Nov 2 13:48:24 EST 2001
On Fri, 2 Nov 2001, Matthew J. Brodeur wrote:
<SNIP>
> I personally would remove ipchains completely on a system like this,
> but that's up to you.
>
</SNIP>
I have to ask - why? If you can add an additonal layer of protection to
your system by ensuring that no unintended services can operate - then
what's the harm?
I persoanlly setup IPCHAINS, wrappers (when possible), and application
ACL's (when possible) to reduce the chance of someone explioting my box or
- more likely - me inadvertantly leaving a service running or having
it externally accessed while testing.
Just my $.02...
--Tim
More information about the Discuss
mailing list