Posted on 01/15/2002 4:54:37 PM PST by Bush2000
And the average script kiddly likely will be frustrated. It's not like your running Windows on it.
Well, seeing as I don't even open that port, that's not even an issue.
Gee, your online life must be very dull if you don't ever use email. In case you hadn't been keeping up with world events, most people who got ILOVEYOU didn't have that port open either. A firewall also won't stop a rogue website from trying to execute dangerous code on your computer. I think that I can safely presume that you visit websites, no?
For what it's worth, I don't use Linux for a firewall. I use OpenBSD. And for the past four years, it has indeed been invulnerable to attacks.
I also secure all of my externally accessible boxen, turn off all uneccesary services, use and monitor an intrusion detection system, keep off-line backups of all of my configurations and logs, and do regular audits to ensure that no one has snuck in without me knowing about it. I refer you to my previous post about the difference between feeling secure because you have X and Y ports closed and actually being secure because you treat security as an ongoing process.
You still haven't answered the question as to why you aren't using your vaunted, "most secure Windows ever," Windows XP as your firewall.
And now we not only wonder about that, we wonder about why you won't answer the question as well.
The blatant inability of content filters to keep up with "inappropriate" sites show that that path is a dead end. It's much better to stop using web browsers, email clients and operating systems that have repeatedly shown to be untrustworthy, default to doing dangerous things and can't be fixed by the end user or purchasing company.
I'm not picking on you in particular. Your attitude (and many other people) toward security is what keeps my paychecks rolling in.
I get regular calls from people who have been hacked needing someone to help them clean up the mess. Invariably they demand to know how they can be hacked when they've bought $30,000 worth of firewall. They point out the fact that only absolutely necessary traffic is allowed in.
I just shrug. They probably didn't consider that the really good hackers know that certain services like HTTP and DNS are necessary. And they plan their attacks accordingly.
They refuse to encrypt their B2B connections because of the cost, they allow users inside to use telnet and allow them to contact webmail servers over HTTP instead of HTTPS. They refuse to set up internal DNS servers that can't be hijacked. And it ends up costing them.
When I give preventative advice, it is almost never followed. I make sure to list the possible dangers of not implementing my advice.
When they get the bill for my clean-up services I gently point out that it would have been a lot cheaper to secure themselves than clean up the mess. And then I get paid again when I secure their network.
And then when I come back six months later and no one has been even looking at the log files, I point it out, go home and wait for them to get hacked again.
Microsoft has recently announced that they are going to take security seriously. No, really. They mean it this time. *snicker*
I sure hope not. I need the business.
Knitebane
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.