Subject: Re: Securing NetBSD
To: None <netbsd-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: netbsd-users
Date: 02/28/2001 18:31:37

On Wed, Feb 28, 2001 at 06:15:07PM +0100, wojtek@wojtek.from.pl wrote:
> > > since this is going to be a firewall. And of course don't give out
> > > user accounts on your firewall. After that you should be set.
> >
> > I wouldn't even enable ssh. If it's a firewall, the only way to get to it
> > should be via the console. Opening it up to any form of remote access
> > gives rise to the possibility of something, somehow gaining access and
> > compromising the security of any networks or hosts involved.
> >
> > Just my $0.02
>
> ssh is no problem. only access to firewall machine should be enabled only
> for trusted machines

Nonsense. Plenty of people who configure firewalls for a living consider
any network login access to the firewall box, wherever from, to be a problem.
Maybe that's not good advice _for you_, but it's absurd to suggest that your
own advice applies to the general case -- there just about *is* no "general
case" in firewall security.
--
Thor Lancelot Simon tls@rek.tjls.com
And now he couldn't remember when this passion had flown, leaving him so
foolish and bewildered and astray: can any man?
William Styron