On Wed, Mar 16, 2005 at 07:50:13PM -0800, Thomas Bushnell BSG wrote: > Joel Aelwyn <[EMAIL PROTECTED]> writes: > > > * SCC systems have buildds. > > > > * Buildds must be network accessible. > > > > * The first rule of securing a machine exposed to the wilds is "Deny by > > default, allow by need". > > Exactly which firewalling are the existing buildds doing? (I'm asking > for information; if you don't know, then you don't know.)
For buildds, since I don't run one as either local or DSA admin, I couldn't tell you offhand. I know what I'd *expect* them to be doing, as general guidelines, which closely resembles what I do on servers I deploy facing the net, but I don't know what they *are* doing. I have no particular reason to believe that they aren't running a sane set of firewalling rules; in fact, I would assume that they are, but I don't feel impolite enough to annoy someone's HIDS log with random checking. I also wouldn't expect details to be posted to the list; while security through obscurity is not *sufficient*, there are times when it is *useful*. -- Joel Aelwyn <[EMAIL PROTECTED]> ,''`. : :' : `. `' `-
signature.asc
Description: Digital signature