Subject: Re: Securing NetBSD
To: None <netbsd-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: netbsd-users
Date: 02/28/2001 18:31:37

On Wed, Feb 28, 2001 at 06:15:07PM +0100, wojtek@wojtek.from.pl wrote:
> > > since this is going to be a firewall.  And of course don't give out 
> > > user accounts on your firewall.  After that you should be set. 
> > 
> > I wouldn't even enable ssh.  If it's a firewall, the only way to get to it
> > should be via the console.  Opening it up to any form of remote access
> > gives rise to the possibility of something, somehow gaining access and
> > compromising the security of any networks or hosts involved.
> > 
> > Just my $0.02
> 
> ssh is no problem. Access to the firewall machine should be enabled only
> for trusted machines

Nonsense.  Plenty of people who configure firewalls for a living consider
any network login access to the firewall box, wherever from, to be a problem.

Maybe that's not good advice _for you_, but it's absurd to suggest that your
own advice applies to the general case -- there just about *is* no "general
case" in firewall security.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron