Re: Oh, here's an interesting paper.....
From: FB (nospam@nospam.com)Date: 05/27/02
- Next message: hans: "Re: Hardened Linux"
- Previous message: Bernie M: "Re: Detecting Connection Attempts"
- In reply to: dnb: "Re: Oh, here's an interesting paper....."
- Next in thread: Richard Steiner: "Re: Oh, here's an interesting paper....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: FB <nospam@nospam.com> Date: Mon, 27 May 2002 23:31:20 +0200
dnb wrote:
> But that's my point - the firewall needs to be as straightforward and
> obvious to use as looking out a window (don't dwell on my use of this word)
> to see what the weather is like. An impossible, uptopian wish, I admit.
Hm, most firewalls/packet filters are straightforward. Ipchains or
iptables are nice. More usefull than ZA in my opinion.
> But until "Average Joe" can be as sure of how well his computer is locked up
> as he is about whether the front door is locked then worms, trojans and
> virus (oh my) will be a problem. (or until the jerks that write them grow up
> and put their talents to some useful purpose)
>
> You would never consider telling me to learn how pin-tumblers and
> anti-picking features work so that I can be sure my deadbolt is secure.
But you want to use such a professional tool and you want those
utilities to be as simple as a lock. I mean, how do you want to write a
letter with Word if you don't know how to save the file or print? It's
not that easy as one might think at first. That's with firewalls too:
You can have a default setup that is a pain in the ass after you decide
to do more than browsing the internet. Then you can have a firewall that
permits everything - which renders the tool useless in fact. There's
only one conclusion: If you want a firewall that fits *your* needs, you
have to configure it properly. Another way is securing the OS itself by
other means. At the end it's your choice.
> Expecting people to go about "learning how to operate/secure linux" will
> create more problems than it solves, if it solves any at all. It's not an
> issue of what software to use to build the firewall, although I strongly
> disagree that one based on a multi-tasking/multi-user OS is the way to go
> (be that linux, unix, windows, BeOS or whatever). Firewalls need to be
> dedicated and focused on being a firewall - and nothing else.
You can set up a dedicated packet filter with linux, windows, beos or
whatever. Or take a hardware router with packet filtering functionality.
Both need proper configuration.
> Whatever is used, it has to do a better job of showing the user what's going
> on than what we have today. There is nothing available today that really
> succeeds in that because they are written for and used by computer geeks,
> not Average Joe. That will be true until Average Joe rises to a level of
> expertise equal to that of the people doing the hacking.
>
> But, that will never happen.
Uhm well, those tools will never be as simple as a toaster. It's not
because they are written for the toaster-professionals aka computer
geeks. It's because of the complexity of security itself.
But the average level rises. People become aware of security - software
developers too. And I say again: It's your choice if you use
professional tools or just common sense to be "safe".
- Next message: hans: "Re: Hardened Linux"
- Previous message: Bernie M: "Re: Detecting Connection Attempts"
- In reply to: dnb: "Re: Oh, here's an interesting paper....."
- Next in thread: Richard Steiner: "Re: Oh, here's an interesting paper....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
