Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???
From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 07/26/04
- Previous message: InHisGrip: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- In reply to: Mark Tinberg: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Mark Tinberg <mtinberg@securepipe.com> Date: Mon, 26 Jul 2004 17:20:01 -0400 (EDT)
pet peeve here also; for opposing reasons;
vendors toss too much crap into kernels and build too many modules. if
parts of the kernel/OS are even built as modules. This leave kernels and
the systems they run on far to open to exploits of sub devices and parts
of the kernel structure. Knowing how to build a tight and efficient
lernel with only those services one needs and those modules that one will
use is a requirement for effective security, on both gateway and
multi-user systems.the word 'trust' should leave a bad taste in the mouth
of anyone that uses the term in a security contexxt, even if applied
towards the vendor.
Thanks,
Ron DuFresne
On Mon, 26 Jul 2004, Mark Tinberg wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 23 Jul 2004, Victor Williams wrote:
>
> > 5. A custom kernel is always a better idea vs blindly trusting what
> > others have compiled or let leak into theirs. I compile custom kernels
> > for any Linux machine (serving internet content/services or not),
> > regardless of the function.
>
> This attitude is a pet peeve of mine. Why do people assume that because
> they _can_ build a kernel for themselves that they must naturally be
> better at it then the people at RedHat, SuSE/Novell or Debian who live,
> sleep, eat and breathe the kernel all day long. I think that it is as
> much about blindly throwing away all of the work that people who maintain
> production quality kernels do as it is about trusting their work. Another
> way to put this is, in what is your trust in the vanilla kernel sources,
> or your builds, based? Hopefully not blind trust 8^)
>
> - --
> Mark Tinberg <MTinberg@securepipe.com>
> Staff Engineer, SecurePipe Inc.
> Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
>
> iD8DBQFBBVhBFu7F5OUjbGcRAg9ZAJ0SdeTOytryMxd7Rbg/QydeiEZ9fACeJMEE
> y09h92D5AaB9dAwhxSAkN4w=
> =AJW0
> -----END PGP SIGNATURE-----
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: InHisGrip: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- In reply to: Mark Tinberg: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
