Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Thu, Oct 24, 2002 at 01:42:32PM -0400, Derek Atkins wrote: > Chris Tresco <rardoe at rarcom.com> writes: > > > You could argue the same for a Windows box... if maintained correctly , > > it doesn't need a firewall. But alas... > > No, there is just no way to secure SMB on a windows box, and frankly > there is no way to know what apps are "autorun" on a windows box. > I've heard of applications that install _AND RUN_ IIS for you, > automatically! Which means you may not even know you're running it. > > That would/could never happen on Linux. There are secure file > systems, secure network authentication systems, and service lockdown > methodologies for Linux (and BSD, and Solaris, and...) which results > in a MUCH more stable and secure operating environment. > > In general, firewalls only get in the way and reduce productivity. > There are a _few_ cases where a minimal packet filter is useful. Most machines involved in DDOS attacks aren't run by folks whose computer literacy remotely approaches that of this crowd. Firewalls certainly aren't the last word in keeping your and my machines out of DDOS attack squadrons - mainly because most of us do a good job of protecting all the machines we run, Linux and otherwise. But if you were to recommend a single, easy-to-grok countermeasure to be taken by the great unwashed, getting simple-to-use firewalls onto or in front of those zillions of unprotected machines would go a long way toward preserving truth, justice, and the Internet Way. Nathan Meyers nmeyers at javalinux.net > -derek
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |